[Rd] secure password token management method in R

Barry Rowlingson b.rowlingson at lancaster.ac.uk
Wed Dec 14 23:31:45 CET 2011


On Wed, Dec 14, 2011 at 9:54 PM, Ni Wang <niwang at gmail.com> wrote:
> hi, r developers, I am now working on a R function/package to handling
> online request with username and token/password.
>
> For security reasons, it's not so safe to store the username & token in
> persistent variables, since they'll be saved to disk when
> users save their workspace. Is there a secure way in R to handle the online
> password management? I have searched it online
> but didn't find any good suggestions. So I am trying my luck on this mail
> list.

 If you save something to an environment that isnt the Global
Environment then R won't save it when you quit and save. Suggest you
save credentials in a list. Maybe something like this:

 attach(list(username="mrbluesky",password="s3cr3t"),name="credentials")

then you just get user and password from the environment when needed:

 get("username",envir=as.environment(credentials))
 get("password",envir=as.environment(credentials))

saving the R workspace in the usual way (answering 'y' to Save
Workspace Image) won't save this data.

 I have a vague memory of Splus possibly having a temporary
environment which would do what you want, but that doesn't seem to be
present in R...

Barry



More information about the R-devel mailing list