Non-interactive passwords in R

I'd like to revisit an old SO question about passwords. Like the OP, I don't want to enter my password interactively, but I am confused about how to store the password securely on my machine and share scripts with colleagues (and I'd add specifically, push scripts to GitHub). The accepted answer involves storing the password in .Rprofile, but one commenter suggests that this is not a good idea.
In my specific use case, I have a script that runs every day on a virtual machine that I want other members of my team to access. At the end of the run, it sends an email with the mailR package. This code looks for my gmail password. I've set up 2-step authentication, so mypassword is a third-party password, not my actual gmail password. Still, I am hesitant to share this with others. I'd like to be able to push the script to a private git repo.
send.mail(from = "myemail@gmail.com",
          to = tolist,
          subject = "my subject",
          body = "my message",
          smtp = list(host.name = "smtp.gmail.com", port = 465,
                      user.name = "myusername",
                      passwd = "mypassword",
                      ssl = TRUE),
          authenticate = TRUE,
          html = FALSE,
          send = TRUE)
How would you store mypassword?
Storing it in .Rprofile seems to be an option, but I don't know if there are downsides like the one mentioned in response to the accepted answer in the question I linked to.
I could store it in another file like auth.R and run source('auth.R') before send.mail, but this would put the password in the global environment.
Other ideas?

Related

Hide or encrypt ps1 credentials

I'm having an issue with my ps1 script to send mails. The problem is that I have to send this script to multiple users and I don't want them to read my SMTP credentials from the mail sender. Is there any way to encrypt or hide the password line only, so that the script can still be executed?
$Username = "test"
$EmailPassword = "jlkajdksajeqw"
$Attachment= "c:\validacion.zip"
$EmailTo = ("seleccionestmk@gmail.com")
$EmailFrom = "seleccionestmk@telemercado.com.ar"
$Subject = "Validacion BPC"
$Body= "Validacion realizada, dentro del archivo zip, se encuentran los datos necesarios para aprobar o denegar la validacion. Saludos"
$SMTPServer = "mail.telemercado.com.ar"
$SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom, $EmailTo, $Subject, $Body)
$Attachment = New-Object System.Net.Mail.Attachment($Attachment)
$SMTPMessage.Attachments.Add($Attachment)
$SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
$SmtpClient.UseDefaultCredentials = $false
$SMTPClient.EnableSsl = $true
$SMTPClient.Credentials = New-Object System.Net.NetworkCredential($Username, $EmailPassword)
$SMTPClient.Send($SMTPMessage)
If you encrypt the sensitive values somehow then the receiver of the script needs the decryption key in order to read the sensitive values to run the script.
You could run some kind of obfuscation software over your script to make it harder for the receiver of the script to extract the sensitive values, but you can never prevent such an extraction.
The best way would be to re-engineer the system in such a way that giving the credentials to the users is not an issue. For example, scope the email account from which emails are sent in such a way that it is used only for this one use case and all the users that you give the script to are also supposed to use it as such. If you're using the email account for other things then move them to a different account with different credentials.
Another way would be to create a server endpoint which validates the personalized credentials of the users (you need to give each user their own credentials) that you gave the script to and stores the credentials for the email account only on the server. The server would need to validate the fields that they conform to the way this email account should be used.

User authentication and password storage in R Shiny using sodium

I am implementing a log in page to a ShinyApp (I cannot use any paid features of Shiny Server Pro or anything like that) and came across some sample code to do so on the following website:
https://www.listendata.com/2019/06/how-to-add-login-page-in-shiny-r.html
It uses the sodium package which is built on sodium to store and check passwords. The relevant code is
credentials = data.frame(
  username_id = c("myuser", "myuser1"),
  passod = sapply(c("mypass", "mypass1"), sodium::password_store),
  permission = c("basic", "advanced"),
  stringsAsFactors = FALSE
)
The user inputs a username and password through a text box and then the shinyapp checks for a match using the function sodium::password_verify
The first thing I noticed is that the passwords get stored as rownames:
> credentials
username_id
mypass myuser
mypass1 myuser1
passod
mypass $7$C6..../....etc..
mypass1 $7$C6..../....etc..
permission
mypass basic
mypass1 advanced
Is this a mistake? Surely this defeats the point of storing the passwords as hashes.
Once I've added row.names = NULL to the dataframe, is this a reasonably secure method to store log in details? Are there other methods/packages or other free services to manage user accounts and authentication to Shiny?

Send authenticated mails via Outlook through R using mailR package

How can I send mails from R via Outlook?
I was told to use the sendmailR package, but I could not figure out how to specify certain control settings (such as port, username and password). I was also redirected to this post, but it did not help.
I switched to the mailR package. I can send mails from other servers, such as smtp.gmail.com, but I do not know the Outlook server details. What are the protocol, server and port details required to send mails via Outlook using mailR?
Or you can use DescTools::SendOutlookMail()
library(DescTools)
SendOutlookMail(to = c("me@microsoft.com", "you@rstudio.com"),
                subject = "Some Info",
                body = "Hi all\r Find the files attached\r Regards, Dude",
                attachment = c("C:/temp/fileA.txt",
                               "C:/temp/fileB.txt"))
This took me a while to figure out. Try this:
send.mail(from = "username@custom.org",
          to = c("recipient1@custom.org", "recipient2@custom.org"),
          subject = "Title",
          body = "Hello from R.",
          authenticate = TRUE,
          smtp = list(host.name = "smtp.office365.com",
                      port = 587,
                      user.name = "username@custom.org",
                      passwd = "Pa55w0rd",
                      tls = TRUE))
It is a common misconception that the port is 25 or 447. I believe port 25 can only be used when authenticate = FALSE.
Many sources claim that the correct server is smtp-mail.outlook.com. Perhaps you could try this in the event that the code does not work. Moreover, do not use ssl = TRUE. It has to be tls = TRUE.
Shoutout to Rahul Premraj's answer to this archived 2014 question.

Glassfish Change Admin Password

How can I change the admin password for a Glassfish Domain using a password file? I know the conventional method of manually typing the password upon prompt.
However, I want to change the admin password using a script wherein I do not have to manually type the password.
This is possible, but you will need 2 password files if you want to script this fully in the easiest way.
Create a temporary file (tmpfile in my example) which will hold the current password (blank by default) and the desired new password:
AS_ADMIN_PASSWORD=
AS_ADMIN_NEWPASSWORD=myNewPassword
Now create a password (pwdfile in my example) file which will contain the changed admin password:
AS_ADMIN_PASSWORD=myNewPassword
You can then use the files to change the password using the commands below, making sure to use tmpfile when changing the password, then pwdfile afterwards
$PAYARA_PATH/bin/asadmin start-domain
$PAYARA_PATH/bin/asadmin --user $ADMIN_USER --passwordfile=/opt/tmpfile change-admin-password
$PAYARA_PATH/bin/asadmin --user $ADMIN_USER --passwordfile=/opt/pwdfile enable-secure-admin
$PAYARA_PATH/bin/asadmin restart-domain
This example was adapted from the way the Payara Server dockerfile works
For anyone still interested in manually setting the admin account password:
I tried to generate the contents of the "admin-keyfile" located in "glassfish/domains/{ACTIVE_DOMAIN_NAME}/config/admin-keyfile" based on the current implementation of the Payara Repo. This file (as the data source for the FileRealm) is used to authenticate the admin user when accessing the admin interface under port 4848.
Each line of this text file represents an account and is structured as
USERNAME;PASSWORD;GROUPS
The field "PASSWORD" is prefixed with a hash algorithm keyword (wrapped in curly braces, e.g. "SSHA" or "SSHA256") followed by a BASE64 encoded hash of the concatenated salted hash and the salt value itself (some random bytes):
{SSHA}BASE64(SHA(password,salt),salt)
Long story short: If you want to generate user accounts manually you could for example use the following Python script:
import hashlib
from base64 import b64encode
from secrets import token_bytes
from getpass import getpass
username = 'admin' # input('Username: ')
plainTextPassword = getpass()
randomSalt = token_bytes(8)
passwordHash = hashlib.sha256()
passwordHash.update(plainTextPassword.encode('utf-8'))
passwordHash.update(randomSalt)
passwordDigest = passwordHash.digest()
# cryptic range reflects the strange implementation... feel free to change it to "range(99)"
# https://github.com/payara/Payara/blob/6488cbdc90fd0f6c42de6a42affcd09f697be715/nucleus/common/common-util/src/main/java/org/glassfish/security/common/SSHA.java#L108
for run in range(2, 101):
    # each pass re-hashes the previous digest (the salt is only mixed in once, above)
    passwordHash = hashlib.sha256()
    passwordHash.update(passwordDigest)
    passwordDigest = passwordHash.digest()
saltedHashAndSalt = b64encode(passwordDigest + randomSalt).decode('utf-8')
result = '{0};{{SSHA256}}{1};asadmin'.format(username, saltedHashAndSalt)
print(result)
Insert the console output into the "admin-keyfile" and (re)start your server.
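As an added example (not part of the original answer and not Payara's own code), the reverse direction: parsing admin-keyfile lines in the format described above and flagging accounts whose stored hash still matches the blank default password mentioned in the first answer. It assumes the scheme exactly as the script above computes it, with the salt being the bytes that follow the 32-byte digest; all function names and the sample entries are constructed for illustration.

```python
import hashlib
import hmac
from base64 import b64decode, b64encode

DIGEST_LEN = 32  # SHA-256 digest size; the salt is everything after it
ROUNDS = 100     # one salted hash plus 99 re-hashes, as in the script above


def ssha256(password, salt):
    """Iterated salted SHA-256, mirroring the generator script above."""
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    for _ in range(ROUNDS - 1):
        digest = hashlib.sha256(digest).digest()
    return digest


def make_entry(username, password, salt, groups="asadmin"):
    """Build a keyfile line (used here only to construct sample input)."""
    blob = b64encode(ssha256(password, salt) + salt).decode("ascii")
    return f"{username};{{SSHA256}}{blob};{groups}"


def parse_entry(line):
    """Split USERNAME;{SSHA256}BASE64;GROUPS into (user, digest, salt, groups)."""
    username, field, groups = line.strip().split(";", 2)
    algo, sep, blob = field.partition("}")
    if not sep or algo != "{SSHA256":
        raise ValueError(f"unsupported password field for {username!r}")
    raw = b64decode(blob, validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError(f"entry for {username!r} carries no salt")
    return username, raw[:DIGEST_LEN], raw[DIGEST_LEN:], groups


def verify(line, candidate):
    """Constant-time check of a candidate password against one entry."""
    _, digest, salt, _ = parse_entry(line)
    return hmac.compare_digest(ssha256(candidate, salt), digest)


def blank_password_accounts(lines):
    """Usernames whose stored hash matches the empty (default) password."""
    return [parse_entry(l)[0] for l in lines if l.strip() and verify(l, "")]

# Constructed sample keyfile; salts are fixed so the result is reproducible.
SAMPLE_KEYFILE = [
    make_entry("admin", "", b"\x01" * 8),
    make_entry("deploy", "myNewPassword", b"\x02" * 8),
]
```

Calling blank_password_accounts(SAMPLE_KEYFILE) returns ['admin'], the one constructed account that was left on the empty password.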
As far as I know, it is impossible to change it via a file as a parameter for security reasons.
You can consider an alternative solution (pipe) but the confirmation of the password is always necessary. https://docs.oracle.com/cd/E19798-01/821-1758/change-admin-password-1/index.html

Email goes to spam instead of inbox

We have a domain name "www.mycloudcctv.com" at godaddy.com and we have created a sub domain cam.mycloudcctv.com which points to 212.78.237.157
We have an application running on a third party server (212.78.237.157). This application wants to send an email on our behalf using the email address "alerts@mycloudcctv.com". The following code snippet (ASP.NET) is being used to send the email from (212.78.237.157)
var mailClient = new SmtpClient();
mailClient.Credentials = new NetworkCredential { UserName = "alerts@mycloudcctv.com", Password = "xyz" };
mailClient.Port = 25;
mailClient.Host = "smtpout.secureserver.net";
mailClient.EnableSsl = false;
var mail = new MailMessage("alerts@mycloudcctv.com", "azharmalik3@hotmail.com", "Test Smtp server", "Testing mycloudcctv server") { IsBodyHtml = true };
//Now Send the message
mailClient.Send(mail);
Everything works fine and emails are being sent however they end up in SPAM/JUNK folders of gmail/hotmail/yahoo. Could you please provide us necessary information so that our emails go to inbox instead of spam folders?
This is a BIG question with lots of complex issues, but it really boils down to three main areas:
1. Does the email come from a server which has been delegated the authority to deliver emails for the specified domain?
2. Is the content of the email just hyperlinks, and does it contain text which would trigger spam assassin to mark it as spam?
3. Is your server blacklisted for spam?
For point 1 look into how to setup SPF records for send authority. http://www.mydigitallife.info/how-to-set-up-and-create-sender-policy-framework-spf-domain-dns-txt-record-with-wizard/
For point 2 get a copy of spam assassin and run your emails through it to see the score.
http://spamassassin.apache.org/
For point 3 http://whatismyipaddress.com/blacklist-check
This is not that easy. There are fair few things you have to do. For example SendGrid has some guidelines:
http://support.sendgrid.com/entries/21194967-deliverability-101
I found this blog-posting extremely useful! Give it a good read, it covers a lot of the points already mentioned here thus far:
http://www.codinghorror.com/blog/2010/04/so-youd-like-to-send-some-email-through-code.html
