我有一个.txt文件和一个 bash 脚本,其中 txt 文件将被压缩并移动到其他 sftp 服务器。
我在用
zip -P pass foo.zip foo.txt
在脚本中,密码是可见的,但我不应该在那里保存硬编码的密码。谁能帮我吗?
答案1
从zip手册页来看,
-P password
--password password
Use password to encrypt zipfile entries (if any). THIS IS INSECURE! Many multi-user operating systems provide ways for any user to see the current command line of any other user; even
on stand-alone systems there is always the threat of over-the-shoulder peeking. Storing the plaintext password as part of a command line in an automated script is even worse. Whenever
possible, use the non-echoing, interactive prompt to enter passwords. (And where security is truly important, use strong encryption such as Pretty Good Privacy instead of the relatively
weak standard encryption provided by zipfile utilities.)
正如手册页中提到的,这是非常不安全的!
因此,您可以再次尝试以下操作,从zip手册页中,
--encrypt
Encrypt the contents of the zip archive using a password which is entered on the terminal in response to a prompt (this will not be echoed; if standard error is not a tty, zip will exit
with an error). The password prompt is repeated to save the user from typing errors.
该命令类似于:
zip --encrypt foo.zip foo.txt它要求在终端上输入密码,
Enter password:
Verify password:
updating: foo.txt (stored 0%)
警告:使用的加密技术zip并不是很强。很容易就能被破解!