[R] Remove entry with sensitive information from history

Luca Cerone luca.cerone at gmail.com
Thu May 28 19:44:38 CEST 2015


Thanks to you all for your help!

I see Brian's answer as good when I want to prompt the user for a
password (when they set the profile for example) and I would like to
know how to mask the input there.

Henrik's answer seems the closest to what I would like to achieve, but
you are right if they assign the function to a different name, than it
can be problematic.. unleass I don't do a search in the namespace
everytime
and see which names reference to update_password, which seems quite
complicated, but it is a good starting point!

Thanks a lot again for the help!

Cheers,
Luca

On Wed, May 27, 2015 at 12:13 PM, Henrik Bengtsson
<henrik.bengtsson at ucsf.edu> wrote:
> To answer your question on filtering the command-line history: You can
> use savehistory()/loadhistory() to rewrite the history, but like all
> other solutions/suggestions, it's not guaranteed to work everywhere.
> Example:
>
> filterhistory <- function(filter) {
>   stopifnot(is.function(filter))
>   hf <- tempfile()
>   on.exit(file.remove(hf))
>   savehistory(hf)
>   history <- readLines(hf)
>   historyF <- filter(history)
>   ## Always write the same number of history lines as
>   ## read to make sure everything is overwritten,
>   ## cf. 'R_HISTSIZE' in help('savehistory').
>   ndropped <- length(history)-length(historyF)
>   clear <- rep("'<command-line history erased>'", times=ndropped)
>   historyF <- c(clear, historyF)
>
>   writeLines(historyF, con=hf)
>   loadhistory(hf)
> }
>
> update_password <- function(...) {
>   filterhistory(filter=function(x) {
>     str(x)
>     start <- grep("update_password", x, fixed=TRUE)[1]
>     x[seq_len(start-1L)]
>   })
>   ## ...
>   cat("Hello world!\n")
> }
>
> This won't work if someone does:
>
> foo <- update_password
>
> and calls foo().  Then you need to use a more clever filter function,
> e.g. one that drops the last call, which may be spread out on multiple
> lines so not just the last line.
>
> /Henrik
>
> On Wed, May 27, 2015 at 2:06 AM, Prof Brian Ripley
> <ripley at stats.ox.ac.uk> wrote:
>> On 27/05/2015 09:17, Luca Cerone wrote:
>>>
>>> Hi David, thanks, but the function has to work from an R shell, I have
>>> no graphical server in my remote machines.
>>
>>
>> My suggestion was going to be to use readline() to read the passwords.
>> Ideally one would use a custom reader from stdin which did not echo, but
>> that is not possible without knowledge of the terminal/console in use (which
>> is hard to do portably), nor in general.  One could do what some password
>> readers (e.g. that on iOS) do, and after each character is entered backspace
>> and overwrite by x or dot.
>>
>>
>>>
>>> On Wed, May 27, 2015 at 9:45 AM, David Winsemius <dwinsemius at comcast.net>
>>> wrote:
>>>>
>>>>
>>>> On May 27, 2015, at 12:29 AM, Luca Cerone wrote:
>>>>
>>>>> Hi everybody,
>>>>>
>>>>> in one of my packages I store encrypted password.
>>>>>
>>>>> If the user has to change the password in use she can run:
>>>>>
>>>>> update_password(old_password, new_password)
>>>>>
>>>>> The problem is that the commands ends up in the .Rhistory file.
>>>>>
>>>>> Is there any way I can avoid this? Any suggestion about it?
>>>>>
>>>>
>>>> Write a small password verification program in Rcpp or tcl and then call
>>>> it to handle the dialog. In the past Greg Snow has suggested: "The tkexamp
>>>> function in the TeachingDemos package can help with creating tcltk dialog
>>>> boxes. "
>>>>
>>>> --
>>>>
>>>> David Winsemius
>>>> Alameda, CA, USA
>>>>
>>>
>>> ______________________________________________
>>> R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see
>>> https://stat.ethz.ch/mailman/listinfo/r-help
>>> PLEASE do read the posting guide
>>> http://www.R-project.org/posting-guide.html
>>> and provide commented, minimal, self-contained, reproducible code.
>>>
>>
>>
>> --
>> Brian D. Ripley,                  ripley at stats.ox.ac.uk
>> Emeritus Professor of Applied Statistics, University of Oxford
>> 1 South Parks Road, Oxford OX1 3TG, UK
>>
>>
>> ______________________________________________
>> R-help at r-project.org mailing list -- To UNSUBSCRIBE and more, see
>> https://stat.ethz.ch/mailman/listinfo/r-help
>> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
>> and provide commented, minimal, self-contained, reproducible code.



More information about the R-help mailing list