Scripting help/advise on hiding/masking username/password

[newbie_01]

Hi,

I currently have a UNIX script with a function that uses a username and password to connect to the database, retrieve some information and then exit.

At the moment, am getting the username and password from a hidden plain text file and permission set to -r--------, i.e. read only to who own the file.

The owner of the file is the same owner of the script. At the moment, am not too overly concern as the script works as it is but I want to know if anyone have a suggestion if there is any better way of achieving the same thing with some "form" of security, i.e., for example, masking the username/password.

Basically, I want to be able to mask or hide the username or password in some way. I've thought about encryting the password file, which is in plain text, using simple crypt command from which I retrieve the username and password but I need to decrypt it as well which is sort of similar to how it will be as it is now once it is decrypted.

Is there anyway that I can get a username and password in some gibberish format and then translating them into something usable which can be passed on the next command that requires the username/password.

Any advise or suggestion will be very much appreciated. Some kind of starting point to test with I supposed ...

Thanks in advance.

[nmset]

I don't think you can mask these info in any way, you'll have to clear them for use, this clearance may require a password stored somewhere ...

You may consider adding a user with no password having limited SELECT rights to relevent tables and columns in your database, and that user may only connect from a specified host. It all depends on the nature and level of confidentiality your database requires. Most DB admins won't like this.

You may also store the username/password as environment variables that you enter manually, if you can leave your session open indefinitely and no one can access it.