Can I programmatically enter the site without saving the password in clear text?

Question

Can I programmatically enter the site without saving the password in clear text?

I carry out a number of projects that include the automatic submission of forms and / or the receipt of data from websites. Some of these sites require username and password authentication. (These sites do not have APIs, so I rely on screen scripting.)

Most of the tutorials I've seen store the username and password in the source code, like any other POST data, for example:

string username = "someUserName";
string password = "somePassword";
// submit POST data...

But I know that storing passwords in plain text is generally disapproving. Is there an alternative method I should use?

+5

security authentication screen-scraping

Rexe Jul 9 '12 at 6:59

source share

6 answers

Jørgen R · Answer 1 · 2012-07-09T07:07:14+0000

. , , .

, , base64, , .

, , . , - , SQLite .

, , .

Mike Kelly · Answer 2 · 2015-06-26T17:22:40+0000

, . . - - . - nodejs, .

openssl. nodejs -. , .

- node, .

openssl .

, , , , .

sashoalm · Answer 3 · 2012-07-09T07:10:41+0000

- (XTEA). ++ , , .

#include <stdint.h>

/* take 64 bits of data in v[0] and v[1] and 128 bits of key[0] - key[3] */

void encipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
    unsigned int i;
    uint32_t v0=v[0], v1=v[1], sum=0, delta=0x9E3779B9;
    for (i=0; i < num_rounds; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
    }
    v[0]=v0; v[1]=v1;
}

void decipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
    unsigned int i;
    uint32_t v0=v[0], v1=v[1], delta=0x9E3779B9, sum=delta*num_rounds;
    for (i=0; i < num_rounds; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
        sum -= delta;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0]=v0; v[1]=v1;
}

Matin Kh · Answer 4 · 2012-07-09T07:13:28+0000

:
1. HTTPS ( )
2. . :

private static String passwordEncryption(String oldPass){
    String newPass = "";
    try {
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");  
        messageDigest.update(oldPass.getBytes(), 0, oldPass.length());  
        newPass = new BigInteger(1,messageDigest.digest()).toString(16);  
        if (newPass.length() < 32) {
            newPass = "0" + newPass; 
        }
        return newPass;
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    return newPass;

}

MD5() MySql, .

Jacco · Answer 5 · 2012-07-09T09:31:41+0000

:

. , , (128-) ( ). () , . , .

?

( ). - . , , . , , , SQL- ( "" ) ( ).

, , . - .

, , . , , , .

pguardiario · Answer 6 · 2012-07-10T00:32:44+0000

. script - ( " " ).

Apis ( - Amazon, ) , , , , .

.bash_profile, , , , github .

Can I programmatically enter the site without saving the password in clear text?

More articles: