Re: [Rd] Masked user input

From: Duncan Murdoch <murdoch_at_stats.uwo.ca>
Date: Sat, 13 Jun 2009 09:57:35 -0400

On 12/06/2009 6:08 PM, miller_2555 wrote:
> Hi -
>
> I'm creating a package of database tools. A function in the package
> requires the username and password as input to the function in order to
> initially connect to the target database(s). Of course, this poses a
> significant security issue given the possible retention of the function
> statement in cleartext. I did not readily encounter a package meant to mask
> input from the user nor do I know of any method to prevent sensitive
> information from appearing on-screen or from logging in the command history
> of a running R session. While using the --vanilla option when starting R
> helps with permanent logging of sensitive information, it is not always
> preferable to run R with special flags. Is any solution available to
> prevent the logging/ display of user input. Obviously, hard-coding the
> sensitive information is not an option.
>
> Note: I currently use the following (summarized) convention:
>
> myloginfunction <- function(uname = readline("Enter username") , passwd =
> readline("Enter password")) { print(c(uname,passwd)); };
>
> However, the readline function prints the response on-screen.

I think you want to use a GUI toolkit for this. For example, with tcltk (which is available on all platforms):

library(tcltk)
tt<-tktoplevel()
Password <- tclVar("")
entry.Password <-tkentry(tt,width="20",textvariable=Password,show="*") tkgrid(tklabel(tt,text="Please enter your password.")) tkgrid(entry.Password)
OnOK <- function()
{

     tkdestroy(tt)	
     Password <<- tclvalue(Password)
     cat("The password was ", Password, "\n")
}
OK.but <-tkbutton(tt,text=" OK ",command=OnOK) tkbind(entry.Password, "<Return>",OnOK)
tkgrid(OK.but)
tkfocus(tt)

(This is modified from an example on James Wettenhall's page http://bioinf.wehi.edu.au/~wettenhall/RTclTkExamples/).

Duncan Murdoch



R-devel_at_r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel Received on Sat 13 Jun 2009 - 14:01:30 GMT

Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Tue 16 Jun 2009 - 12:36:04 GMT.

Mailing list information is available at https://stat.ethz.ch/mailman/listinfo/r-devel. Please read the posting guide before posting to the list.

list of date sections of archive