Pass parameters to a script securely

security linux process

What is the best way to pass parameters to a forked script securely? E. g. passing parameters through command line operands is not secure, since someone who has an account on the host can run ps and see them.

Unnamed pipe is quite secure, as far as I understand, isn't it? I mean, passing parameters to STDIN of the forked process.

What about passing parameters in environment vars? Is it secure?

What about passing parameters by other means I didn't mention?


Solution 1:

There might be a better way, but if there is sensitive information I would recommend you put it in a file that nobody else can read. You then pass the file as an argument to the program, and that program can open the file and parse out the information it needs.

If it is really sensitive you can encrypt the file itself, but making a file that only the owner can read is good enough for private ssh keys.

Related

RHEL - NFS4: Mounted/Exported as rw, user write permission denied
What files do I need to recover MySQL databases from Ubuntu?
GVFS Locations Not Available In ~/.gvfs
SQL Server Windows Auth Login sees Domain as untrusted
Can't Access CouchDB Remotely
How to get the correct hostname when using ElasticIP in a CloudFormation template
Cron sync mysql tables
munin to monitor apache hits on particular URLs
Intermittent unavailability of an instance in a failover cluster while a standby node is offline in a SQL Server 2008 failover cluster
SSL issues on a mobile website
How to run tomcat6 on ubuntu as root?
Tar not preserving Owner/Permissions