how to pass a password with a cron job safely?
To avoid showing the password on the command where other users can see it with ps
, you should not pass the password in the command. It's why many utilities don't support passwords as command line arguments.
Instead store your password in a ~/.netrc
file and pass the -n
option to curl.
For the details of file syntax, I let you see the man of curl.
Related videos on Youtube
Comments
-
inckka almost 2 years
I have a site map generator script placed in this URL
http://www.mydomain.com/admin/sitemapgen/
However this URL is protected with an username and a password in auth_type basic method.
I need to place a cron to access this URL once a week. So I've decided to use the
curl
command and placed the cron like below.curl -u username:mypassword http://www.mydomain.com/admin/sitemapgen/
I'm aware that sending a password through http is insecure, however at least I'm trying to hide the password from server/hosting panel users from this
curl
command.1) Are there any methods to hide the password in this
curl
command? I read something about placing a plain text file with the password in server and use it with the -k option. However I'm not in to place the password in a plain text file either.2) Are there any other commands than curl to use for this specific purpose?
-
inckka over 9 yearsThis answer is useful and I've already tried it and working. However when creating the .netrc file I had to specify the
machine
name. And according to above my example, I have specified the value as www.mydomain.com My requirement is done. However another security vulnerability occurs. Because I don't want to let some one access the main domain. However after creating .netrc file, now every one cancurl -n
in the site without any username and password. is there any method to specify the .netrc machine name to www.mydomain.com/admin/sitemapgen/ -
alexises over 9 yearsYou should make this action using a custom user for the generation