Remove entry with sensitive information from history
To answer your question on filtering the command-line history: You can
use savehistory()/loadhistory() to rewrite the history, but like all
other solutions/suggestions, it's not guaranteed to work everywhere.
Example:
filterhistory <- function(filter) {
stopifnot(is.function(filter))
hf <- tempfile()
on.exit(file.remove(hf))
savehistory(hf)
history <- readLines(hf)
historyF <- filter(history)
## Always write the same number of history lines as
## read to make sure everything is overwritten,
## cf. 'R_HISTSIZE' in help('savehistory').
ndropped <- length(history)-length(historyF)
clear <- rep("'<command-line history erased>'", times=ndropped)
historyF <- c(clear, historyF)
writeLines(historyF, con=hf)
loadhistory(hf)
}
update_password <- function(...) {
filterhistory(filter=function(x) {
str(x)
start <- grep("update_password", x, fixed=TRUE)[1]
x[seq_len(start-1L)]
})
## ...
cat("Hello world!\n")
}
This won't work if someone does:
foo <- update_password
and calls foo(). Then you need to use a more clever filter function,
e.g. one that drops the last call, which may be spread out on multiple
lines so not just the last line.
/Henrik
On Wed, May 27, 2015 at 2:06 AM, Prof Brian Ripley
<ripley at stats.ox.ac.uk> wrote:
On 27/05/2015 09:17, Luca Cerone wrote:
Hi David, thanks, but the function has to work from an R shell, I have no graphical server in my remote machines.
My suggestion was going to be to use readline() to read the passwords. Ideally one would use a custom reader from stdin which did not echo, but that is not possible without knowledge of the terminal/console in use (which is hard to do portably), nor in general. One could do what some password readers (e.g. that on iOS) do, and after each character is entered backspace and overwrite by x or dot.
On Wed, May 27, 2015 at 9:45 AM, David Winsemius <dwinsemius at comcast.net> wrote:
On May 27, 2015, at 12:29 AM, Luca Cerone wrote:
Hi everybody, in one of my packages I store encrypted password. If the user has to change the password in use she can run: update_password(old_password, new_password) The problem is that the commands ends up in the .Rhistory file. Is there any way I can avoid this? Any suggestion about it?
Write a small password verification program in Rcpp or tcl and then call it to handle the dialog. In the past Greg Snow has suggested: "The tkexamp function in the TeachingDemos package can help with creating tcltk dialog boxes. " -- David Winsemius Alameda, CA, USA
______________________________________________ R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
-- Brian D. Ripley, ripley at stats.ox.ac.uk Emeritus Professor of Applied Statistics, University of Oxford 1 South Parks Road, Oxford OX1 3TG, UK
______________________________________________ R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.