Hi Ben,

Don Libes of the National Institute of Standards and Technology (NIST) has written a guide on how to handle passwords in backgrounded processes:

http://expect.nist.gov/doc/bgpasswd.pdf

It has more suggestions on how to handle passwords securely. As you might expect, it doesn't have a single definitive answer to your question either. There are many ways to handle passwords with varying levels of convenience and security in mind.

[comments about telnet]

The use of telnet is already problematic in terms of security. Telnet passwords are sent in the clear. (So, although this is unrelated to your particular problem, I think you should encourage your system administrators to look into ssh in the long term. HP appears to support it: http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA)

> But surely my problem is a very common one. Every web-app must supply a
> username and password to make a connection to its backend database, for
> example.

One approach that's often used in these kinds of applications is to keep a separate configuration file with those usernames and passwords. Then we can use the operating system's mechanisms (like file permissions) to keep that file mostly safe from prying eyes. This is mentioned in the "Handling Passwords with Security and Reliability in Background Processes" link above.

One problem, though, is that anyone who has privileges to execute the password-reading program will probably have the same power to read that configuration file directly. I can see encrypting the configuration file as a way of making it a bit more difficult for people to accidentally run across the passwords, and perhaps that's enough security for your purposes.

Best of wishes!
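The "separate configuration file protected by file permissions" approach from the reply above, as an added example that is not part of the original post: the loader refuses to use a credential file unless it is owned by the current user and unreadable by group and others, so a file that was accidentally left world-readable is caught before the password is handed to the database client. The file name, section layout and credentials are constructed sample data, and the permission check assumes a POSIX host.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample config (not real credentials), in INI form for configparser.
SAMPLE_CONFIG = """[database]
host = db.example.internal
user = webapp
password = not-a-real-password
"""


class InsecureCredentialFile(Exception):
    """Raised when the credential file could be read by other users."""


def check_private(path):
    """Reject a credential file that is a symlink, owned by someone else,
    or readable by group/others (assumes a POSIX host: HP-UX, Linux, ...)."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise InsecureCredentialFile(f"{path} is a symlink")
    if st.st_uid != os.geteuid():
        raise InsecureCredentialFile(f"{path} is not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureCredentialFile(
            f"{path} is group/world accessible (mode {stat.S_IMODE(st.st_mode):04o})")


def load_credentials(path):
    """Return the [database] section as a dict, but only from a private file."""
    check_private(path)
    cp = configparser.ConfigParser()
    with open(path) as f:
        cp.read_file(f)
    return dict(cp["database"])


def write_sample_config(directory, mode):
    """Write the constructed sample into directory with the given mode bits."""
    path = os.path.join(directory, "db.conf")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE_CONFIG)
    os.chmod(path, mode)  # os.open's mode is masked by umask; set it explicitly
    return path


def demo():
    """Accept a 0600 credential file, reject the same file once it is 0644."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        results["private_user"] = load_credentials(write_sample_config(d, 0o600))["user"]
        try:
            load_credentials(write_sample_config(d, 0o644))
            results["world_readable_rejected"] = False
        except InsecureCredentialFile:
            results["world_readable_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The check does not help against someone who can already run the program as the same user, which is exactly the limitation the reply points out.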