Masking raw_input / disable screen output

Question

ds2000 0 Newbie Poster

14 Years Ago

Hi all,

Hopefully a quick one. I have some weblogic build scripts that configure a WebLogic Server environment. Previously DB connection credentials have been allowed to be stored in build property files. However new security regulations mean that this is no longer possible.

I am trying to write a prompt as part of my database connection creation loop. Unfortunately I have tried getpass and it doesn't work; it errors on solaris and windows saying:

"Warning (from warnings module):
File "C:\Program Files\Python2.7\lib\getpass.py", line 92
return fallback_getpass(prompt, stream)
GetPassWarning: Can not control echo on the terminal.
Warning: Password input may be echoed.

Then it displays the entered password to the screen in all my test areas except for a pure python command shell (even the python gui displays the password)

Does anyone have any suggestions or knows of a library that can help me here?

Thanks

Dave

python

4 Contributors
7 Replies
2K Views
3 Weeks Discussion Span
Latest Post 14 Years Ago Latest Post by ds2000

woooee 814 Nearly a Posting Maven

14 Years Ago

Vegaseat did one a while ago and posted it http://www.daniweb.com/forums/thread198855.html I think most GUI toolkits include methods to do this.

import Tkinter as tk
 
root = tk.Tk()
 
def show_pw():
    pw = pw_entry.get()
    label2['text'] = pw
 
 
label1 = tk.Label(root, text="Enter password for user Frank: ")
# shows only * when entering a password
pw_entry = tk.Entry(root, show="*")
# cursor here
pw_entry.focus()
# click on button to show the password
button = tk.Button(root, text='show password', command=show_pw)
# label to show result
label2 = tk.Label(root)
 
# widget layout, stack vertical
label1.pack()
pw_entry.pack()
button.pack()
label2.pack()
 
# start the event loop
root.mainloop()

And on Linux, we can use termios, but don't know if is it also available on Solaris.

import termios, sys, os                                                         
#import termios, TERMIOS, sys, os                                               
TERMIOS = termios                                                               
def getkey():                                                                   
        fd = sys.stdin.fileno()                                                 
        old = termios.tcgetattr(fd)                                             
        new = termios.tcgetattr(fd)                                             
        new[3] = new[3] & ~TERMIOS.ICANON & ~TERMIOS.ECHO                       
        new[6][TERMIOS.VMIN] = 1                                                
        new[6][TERMIOS.VTIME] = 0                                               
        termios.tcsetattr(fd, TERMIOS.TCSANOW, new)                             
        c = None                                                                
        try:                                                                    
                c = os.read(fd, 1)                                              
        finally:                                                                
                termios.tcsetattr(fd, TERMIOS.TCSAFLUSH, old)                   
        return c                                                                
                                                                                
if __name__ == '__main__':                                                      
    print "type something...'q' to quit"                                        
    s = ''
    while 1:                                                                    
        c = getkey()                                                            
        if c == 'q':                                                            
                break                                                           
        print "captured key", c, ord(c)                                         
        s = s + c                                                               
                                                                                
    print "Password =", s

Edited 14 Years Ago by woooee because: n/a

skott 4 Newbie Poster

14 Years Ago

Hey ds2000,

I was researching on masking password in a WLST script and came across your thread. Here is what I ended up doing in WLST script without having to load other compiled classes. Note that you will always see a single * before you even type the password.

import os
import sys
import threading
from java.io import *

class MaskingPassword(threading.Thread):
  # This thread will take over control and put a * for every character you type. 
  # If you try to type characters too fast for a test, you might see some in clear text, but that's not the human speed to type a password. 
  def __init__ (self):
    threading.Thread.__init__(self)
    self.stop_event = threading.Event()
  def stop(self): 
    self.stop_event.set()
  def run(self):
    Thread.currentThread().setPriority(Thread.MAX_PRIORITY)
    while not self.stop_event.isSet():
      sys.stdout.write("\010" + "*")
      Thread.currentThread().sleep(1)



userId = raw_input('Enter username:')
MaskingThread = MaskingPassword()
MaskingThread.start()
passWd = raw_input("Enter password: ")
MaskingThread.stop()

Gribouillis commented: great first post ! +4

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

ds2000 0 Newbie Poster · Answer 1 · 2010-10-25T15:59:12+00:00

Thanks for the replies; normally using a 'normal' python shell this would be fine, however I'm using oracle weblogic wlst - which I believe is jython; I've tried to manually force the tk-lib files into the wlst path but it can't work with tkinter.py sadly and errors when I try to import it.

wls:/offline> import Tkinter as tk
Traceback (innermost last):
  File "<console>", line 1, in ?
  File "c:\bea\WEBLOG~1\WLSERV~1.3\common\wlst\lib\Tkinter.py", line 1061
                                    nv.append(('{%s}' if ' ' in item else '%s')
% item)

Terminos may be a usable option for my solaris builds, that just leaves the issue of windows. Never an easy day with this :)

Thanks

Dave

TrustyTony 888 pyMod Team Colleague Featured Poster · Answer 2 · 2010-10-25T17:50:53+00:00

that is jython

Jython -> can use java classes -> find password entry class for Java

woooee 814 Nearly a Posting Maven · Answer 3 · 2010-10-25T22:21:07+00:00

Also, you can check wxpython and qt to see if they will run on Solaris. It doesn't matter which GUI toolkit you use as you can find password entry programs for any of them on the web.

ds2000 0 Newbie Poster · Answer 4 · 2010-10-26T15:09:59+00:00

Thanks again folks. I've managed to compile a working class and import into wlst without any issues, however I am stumped as to how I can get it to try and execute. Previously with getpass I would enter the code password=getpass.getpass("Please Enter Password for " + dbSID + " :") and that would work.

I have compiled the code from here http://theflashesofinsight.wordpress.com/2009/11/15/java-6-read-password-from-command-prompt-with-masking-enabled/

I am no doubt missing something simple and fundamental; I've been writing in WLST for over a year but not had to do anything like this before so apologies again for asking.

Thanks

Dave

ds2000 0 Newbie Poster · Answer 5 · 2010-11-15T16:07:06+00:00

You sir, are a legend and a gent!

I'd given up and started writing (well 80% finished) a java util that was called by build.xml. It essentially looked at the property files, broke the tree down for datasources and for each one ran a masked password subroutine (easy in java) that prompted for a password and ran it against weblogic.security.encrypt and then put the output back into the property file. Your way is 100x easier.

Thanks again, if you were local I'd grab you a beer!

Dave