[Rd] Masked user input

Duncan Murdoch murdoch at stats.uwo.ca
Sat Jun 13 15:57:35 CEST 2009


On 12/06/2009 6:08 PM, miller_2555 wrote:
> Hi - 
> 
>    I'm creating a package of database tools. A function in the package
> requires the username and password as input to the function in order to
> initially connect to the target database(s). Of course, this poses a
> significant security issue given the possible retention of the function
> statement in cleartext. I did not readily encounter a package meant to mask
> input from the user nor do I know of any method to prevent sensitive
> information from appearing on-screen or from logging in the command history
> of a running R session. While using the --vanilla option when starting R
> helps with permanent logging of sensitive information, it is not always
> preferable to run R with special flags.  Is any solution available to
> prevent the logging/ display of user input. Obviously, hard-coding the
> sensitive information is not an option. 
> 
> Note: I currently use the following (summarized) convention:
> 
> myloginfunction <- function(uname = readline("Enter username") , passwd =
> readline("Enter password")) { print(c(uname,passwd)); };
> 
> However, the readline function prints the response on-screen. 

I think you want to use a GUI toolkit for this.  For example, with tcltk 
(which is available on all platforms):

library(tcltk)
tt<-tktoplevel()
Password <- tclVar("")
entry.Password <-tkentry(tt,width="20",textvariable=Password,show="*")
tkgrid(tklabel(tt,text="Please enter your password."))
tkgrid(entry.Password)
OnOK <- function()
{
     tkdestroy(tt)	
     Password <<- tclvalue(Password)
     cat("The password was ", Password, "\n")
}
OK.but <-tkbutton(tt,text="   OK   ",command=OnOK)
tkbind(entry.Password, "<Return>",OnOK)
tkgrid(OK.but)
tkfocus(tt)

(This is modified from an example on James Wettenhall's page 
http://bioinf.wehi.edu.au/~wettenhall/RTclTkExamples/).

Duncan Murdoch



More information about the R-devel mailing list