1

I'm not the first person to run python scripts that require plain text credentials for third party web services as scheduled tasks. Answers to these questions provide some ways to obscure or otherwise keep sensitive information out of sight. I like the ssh-agent solution because it avoids the need for a file somewhere containing this information but I don't think I can implement it in my environment.

I'm curious as to why the general approach is not to require the user to input the information as command line arguments like

python myPythonScript.py UserName Password

If these parameters are defined in the scheduled task, I think only the logged in user would be able to access the task definitions. This probably isnt any worse than obfuscation.

I have to use Windows; surely scheduled task definitions are not accessible by all users... (I checked using the answer to How to find the location of the Scheduled Tasks folder and you need admin rights to access that folder)

Before I go ahead and use this approach, is there a reason why this would be a bad idea?

Nathan majicvr.com
  • 950
  • 2
  • 11
  • 31
Tom Wilson
  • 65
  • 5

1 Answers1

1

I would encrypt my password(s) rather than doing something like that. Another potential problem is your bash history will now have your password in it.

Nathan majicvr.com
  • 950
  • 2
  • 11
  • 31
  • I'm not sure if encrypting the passwords would work, the python script must contain the logic to decrypt them in order to send them off to the web service(s). The python script is located on a network share so anyone would be able to decrypt them. While I am not using bash it is good to know that all the input would turn up in the logs. I will research Windows task scheduler to see if a similar problem would occur on that platform. – Tom Wilson Mar 06 '18 at 22:21
  • @TomWilson 1) I'm not familiar enough with the problem to know whether/where it would appear in the logs. But yes, generally logs are kept in bash. Let us know if you have any more info for us; someone more knowledgeable than me could also chime in 2) as a general rule, the more info you give us on SO, the better we can help. Welcome to the community! :) – Nathan majicvr.com Mar 07 '18 at 04:59