Hello,
I have just started playing with Applescript and I built an app to sign me in automatically to a site kinda like keychain. I would like to hide the password within the Applescript application text as anyone whom knows can simply open up the App in Applescript and view my password. Please, anyone have any ideas?
dofromon
MacBook Pro with Retina display, OS X Mavericks (10.9.2)
AppleScripts can be saved as run-only, which will keep a casual user from seeing the code, but there isn't a way to keep plain text from being seen. You should never place sensitive information in plain text in your script/application, or even use them with global variables, since those are also saved with the script.
The security shell utility can be used to get a password from the system keychain, for example:
getKeychainPass("Apple") -- example
ongetKeychainPass(itemName)
returntext2thru-2of (do shell script"security 2>&1 >/dev/null find-generic-password -gl " & quoted formofitemName & " | awk '{print $2}'")
endgetKeychainPass
AppleScripts can be saved as run-only, which will keep a casual user from seeing the code, but there isn't a way to keep plain text from being seen. You should never place sensitive information in plain text in your script/application, or even use them with global variables, since those are also saved with the script.
The security shell utility can be used to get a password from the system keychain, for example:
getKeychainPass("Apple") -- example
ongetKeychainPass(itemName)
returntext2thru-2of (do shell script"security 2>&1 >/dev/null find-generic-password -gl " & quoted formofitemName & " | awk '{print $2}'")
endgetKeychainPass
red_menace,
Thank you but not exactly what I am looking for. If I save as run-only the script probably does not perform the actions (just a guess - please correct me if I am wrong). What about doing another script to hide text within the script would that work? Maybe the second script hides or blocks access to the script within an application. Another thought I have had is an XCode program but I do not expect that complicated of an answer here.
My original thought was to >tell application to hide text line 4 (I know this is not the correct script just trying to convey my thoughts better).
My next thought is if you know which line of script it is, could another script modify that particular line to be hidden or as I spoke of previously hide the script within the App or block anyone from looking at the script all-together. I am also thinking this might require a more difficult program like XCode but maybe something simple that could be put in Automator.
(Afterthought) How secure is keychain - I do not use it because I do not like what this script does in the first place, it is too insecure in my thoughts. I could be wrong but like pregnancy the best way to not have it happen is to abstain in the first place. This is strictly for learning purpose only.
Either way thanks again. What you posted does help just not what I am looking for. Hope you have a great day!
dofromon
A run-only script is just that - it will only run, you can't open it in a script editor. The problem is that the text strings used by a script (or any other application) are stored somewhere in the program files - there is no encryption, so doing something simple like performing a hex dump of a file will reveal the text.
If you don't want data to be seen by someone looking at your program files, it needs to be encrypted in some way, or not included in the application to begin with. Apple's keychain is just handy to use for something like this, since it is a part of every system installation - its data is encrypted like any other password storage utility.
There was a keychain scripting addition in earlier OS versions, but the shell utility I posted is the current method to access items in the keychain. If you are looking at a more portable solution, there are various security frameworks built in to the system, but you would probably need to use something other than regular AppleScript.
Hey red_menace,
Thanks again. Just as I thought. I am in over my head on this. For learning purposes though could you look at the script for me. There is still something wrong with the fundamentals of it and I am not sure what it is. I have entered giberish where the sensitive material would go. When I orginally ran it I did not have the last command of "END" on the script and it seemed to have run fine but after adding said command (I read something that told me it should be there) the script after running tells me it could not get end and has two buttons one for Edit and the other for OK. I suspect the seeming to have run just fine was in fact not actually ending and still somehow running in the background using up RAM. Note: As I said this is not something I would use on a regular basis it is just for learning purpose. Still wishing you a great day!
dofromon
oops, forgot the script.
tell application "Finder" to open location "https://login.yahoo.com/config/login_verify2?&.src=ym&.intl=ca"
delay 12
end delay
tell application "System Events"
keystroke "dgshjdg@gkjsadghk.com"
keystroketab
keystroke "sgjhgivnmne"
keystrokereturn
end tell
end
The end delay statement shouldn't be in there - delay is a command and not a control statement, so it doesn't need an end. You also don't need the Finder for the open location command.
Edit - oops, missed that last end - you don't need that, either.
How do I hide text within an Applescript script?
