General: Best way to deal with cleartext password? Specific: Cygwin/email/bash

General: Best way to deal with cleartext password? Specific: Cygwin/email/bash I'm setting up Cygwin, and one of the packages I'm using is 'email' for, what else, sending e-mail from a script.
Asked by: Guest \| Views: 204

Total answers/comments: 1

Comments display order:

Guest [Entry]

"There are a couple different ways of dealing with this.

You can hash the stored password or use part of the hash of the stored password as your password. This won't actually protect the password in any way, since the script itself will likely have the method to unhash the password embedded, but it'll prevent the clear-text password from being present in a file. You can use sha1sum, md5sum or even crypt.
You can use script to call your email program with the password sent as an argument. The script itself can contain your password, although you can hash this value or even use sqlite3 to store it. If you're not worried about having to run the script in the background unattended, then it should be relatively easy to have a script query you for a password then send that to the email command.
You can use expect to respond to the prompting done if you use smtp-auth='LOGIN'. Expect is a package you can install on cygwin. There is a question on stackoverflow on how to make expect prompt for a password. This is more of a solution if you need the script to be able to send the password while unattended.

For a simple expect snippet for sending password to something like ssh-add

set timeout -1
spawn ssh-add
match_max 1000000
expect ""Enter passphrase for ""
send -- ""$password\r"""