
Text file to be only accessible from batch file and specific user

I have a batch file that runs a script using a specific user's credentials being called from a text file. The problem is, anyone can follow the path and open said text file and see that user's sign-on credentials. I put them in stream files for added perplexity but by viewing the path in the batch file, anyone can figure it out.

script.bat:

@ECHO OFF

SET credentialsFile=.\SomeFile.txt:username.txt
SET anotherFile=.\SomeFile.txt:password.txt

SET /p username=<%credentialsFile%
SET /p password=<%anotherFile%

REM Script here that needs to use %username% and %password% for execution

This is being run on a server that several people have access to. What can be done to completely hide the contents of the text file from everyone but the batch file that calls it and the user whose credentials are being used? Or another way of going about this instead of a text file?

Note that this script is to run on startup and so the goal is to avoid requiring user input on execution in case the server were to go down in the middle of the night.

I agree that PSCredential objects may be a good solution for your use case. To help you along, here is an example script that can store UserName and Password in .txt files and then use them to create a PSCredential object.

The Password is stored as a SecureString - unreadable if you simply open the .txt file. The secure string is used to create the PSCredential object. The SecureString can only be read by the same user account on the same machine that created it.

# This method encrypts using the Windows Data Protection API, which means
# the password file can only be read by the one account that created it,
# and only on the same device that created the password file.

# Get the UserName and store it in a file
$UserName = Read-Host -Prompt "Enter username for script" | Tee-Object "UserName.txt"

# Get the Password and store it as a secure string in a file
#  e.g. abc123
Read-Host -Prompt "Enter password for $UserName" -AsSecureString | ConvertFrom-SecureString | Out-File "Password.txt"

# Get our password from the secure string we stored on disk
$Password = Get-Content "Password.txt" | ConvertTo-SecureString

# Create a PS credential object using the username and password we've gathered
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName,$Password

# This yields the plain text password.  
#  e.g. abc123
$Credential.GetNetworkCredential().Password
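
For the unattended startup case in the question, the same SecureString files can be written once and then loaded without prompts. The following is an added example, not part of the original answer; the `C:\ProgramData\StartupJob` directory, the `-Setup` switch and `job.ps1` are hypothetical names, and the `icacls` step is an extra layer on top of what the answer describes.

```powershell
# Added example, not from the original answer. $Dir, -Setup and job.ps1 are hypothetical.
param([switch]$Setup)

$Dir      = 'C:\ProgramData\StartupJob'          # hypothetical location
$UserFile = Join-Path $Dir 'UserName.txt'
$PassFile = Join-Path $Dir 'Password.txt'

if ($Setup) {
    # One-time and interactive. Run it as the account the startup task runs under:
    # the SecureString text can only be decrypted by that account on this machine.
    New-Item -ItemType Directory -Path $Dir -Force | Out-Null
    Read-Host -Prompt 'Username' | Set-Content -Path $UserFile
    Read-Host -Prompt 'Password' -AsSecureString |
        ConvertFrom-SecureString | Set-Content -Path $PassFile

    # Second layer: drop inherited permissions and grant access to this account only,
    # so other users of the server cannot even open the files.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    foreach ($file in $UserFile, $PassFile) {
        icacls $file /inheritance:r /grant:r "${me}:F" | Out-Null
    }
    return
}

# Startup path: no prompts. Stop if the files are missing or were written by another account.
try {
    $UserName   = Get-Content -Path $UserFile -ErrorAction Stop
    $Password   = Get-Content -Path $PassFile -ErrorAction Stop |
        ConvertTo-SecureString -ErrorAction Stop
    $Credential = New-Object System.Management.Automation.PSCredential($UserName, $Password)
} catch {
    Write-Error "Stored credential could not be loaded: $($_.Exception.Message)"
    exit 1
}

# Hand the object to anything that takes -Credential; the plain-text password is never needed.
Start-Process -FilePath 'powershell.exe' -Credential $Credential -WorkingDirectory $Dir `
    -ArgumentList '-NoProfile', '-File', (Join-Path $Dir 'job.ps1')
```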
