Pass parameters to a script securely
What is the best way to pass parameters to a forked script securely? E. g. passing parameters through command line operands is not secure, since someone who has an account on the host can run ps
and see them.
Unnamed pipe is quite secure, as far as I understand, isn't it? I mean, passing parameters to STDIN
of the forked process.
What about passing parameters in environment vars? Is it secure?
What about passing parameters by other means I didn't mention?
Solution 1:
There might be a better way, but if there is sensitive information I would recommend you put it in a file that nobody else can read. You then pass the file as an argument to the program, and that program can open the file and parse out the information it needs.
If it is really sensitive you can encrypt the file itself, but making a file that only the owner can read is good enough for private ssh keys.