Go Back   MacRumors Forums > Apple Systems and Services > Programming > Mac Programming

Thread Tools Search this Thread Display Modes
Old Jan 31, 2013, 09:36 PM   #1
macrumors newbie
Join Date: Jun 2011
Passwords in AppleScript

Hi everyone,

I'm pretty new to AppleScript and want to write a fairly basic script that logs me into a website that has the irritating trait of logging me out every 15 minutes. The website's on a medium security level for me: I'm OK having a script constantly log into it, but I'd like to avoid people getting in if at all possible. Of course, I could just write a script telling it to put in my username and password, but if some unscrupulous person gets hold of my computer, the plain-English nature of AppleScript will probably make my password pretty obvious.

So, the question is...does anyone know of a way to get around putting the password directly in the script? An idea I had is having an encrypted .txt file with the password and the script somehow decrypting it, but I'm not really sure how to go about doing that or whether that's even any more secure. If the file's just encrypted with another password, then that password will have to go in the script, of course. I also thought about turning the script into an app, but again, I don't know if that's any better.

Thanks in advance!

PS I've tried this: https://www.google.com/#hl=en&tbo=d&...ut+in+password and this: https://www.google.com/#hl=en&tbo=d&...enter+password, plus a few more similar searches, but all I've really found is some stuff about Terminal that doesn't seem relevant, and this: http://forums.whirlpool.net.au/archive/1090217 which goes to no lengths to secure the password. This feels like a question somebody must have had before and I don't want to spam the forum, but I can't seem to find anything...apologies if I missed something.
efsad is offline   0 Reply With Quote
Old Jan 31, 2013, 11:51 PM   #2
macrumors 603
Join Date: Aug 2009
Originally Posted by efsad View Post
... If the file's just encrypted with another password, then that password will have to go in the script, of course.
That's the problem in a nutshell. And there isn't a secure solution for it, at least not for the scenario as given.

Anything with automated access to a secret can have its builtin secret extracted. Unless you secure the automaton itself, using another secret. And then it's turtles all the way down.

If you put the secret itself on an external device, such as a USB flash drive, and have the script read it from there using a known pathname, then at least the secret is separable from the script. However, since you didn't describe how you expect your computer to fall into unscrupulous hands, I don't know whether that's a viable strategy or not. Separability is much less useful if the two parts always travel together, e.g. you use an SD card that remains plugged in all the time.

Frankly, I can't think of any kind of website where I'd need to be continually logging in, where I was concerned about the password. Not even a banking or securities trading site. I'd be more concerned that an unscrupulous person would walk off with my $1500 computer, rather than that the password I log in with was compromised. If I was that concerned about the physical security of the computer, I'd simply not use that website in a public place from my mobile computer.

If there's some other meaning attached to this particular password, such as you reuse it on multiple sites, then the solution there is to stop doing that. You should have a contingency plan for revoking, resetting, or invalidating any high-value password. The purpose of such a plan is to lower the value of the password.

I don't know of any security problems that are resolved by being vague about the details. All vagueness does is mask weaknesses or allow sloppy analysis. Only a clear and frank discussion of exactly what's being defended, and against what attacks, is likely to result in a solution. So maybe you should clearly explain what the website is, why it has a 15-minute expiry, why logging in repeatedly with a script isn't a fundamental security problem, and what kind of physical attacks on your computer you're trying to thwart.

Last edited by chown33; Feb 1, 2013 at 12:10 AM.
chown33 is offline   0 Reply With Quote
Old Feb 4, 2013, 07:02 PM   #3
macrumors 65816
Join Date: Apr 2011
This is a couple years out of date, but the basics still work with a little tweaking:
Scripting Keychain Access in Lion
Partron22 is offline   0 Reply With Quote

MacRumors Forums > Apple Systems and Services > Programming > Mac Programming

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iPad: iPads and passwords jjk454ss Jailbreaks and iOS Hacks 0 Feb 23, 2014 06:03 PM
Safari passwords!! Tobias Funke Mac Applications and Mac App Store 11 Jan 15, 2014 09:44 AM
AppleScript: How do I save multiple Excel sheets to one pdf using Applescript sbtaylor1 Mac Programming 0 Oct 28, 2013 11:38 PM
AppleScript: How do I save multiple Excel sheets to one pdf using Applescript sbtaylor1 Mac Applications and Mac App Store 0 Oct 28, 2013 11:32 PM
Passwords justein iCloud and Apple Services 2 Jul 14, 2012 03:23 AM

Forum Jump

All times are GMT -5. The time now is 04:09 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2015, MacRumors.com, LLC