Clifford Sullivan (@cliffsull on Twitter) recently asked how to go about safely accepting password input from an interactive program in Python.
As you may know, password inputs are generally “masked”, so the password is not echoed back to the screen. This is “kind of fucking important” as an attempt at defending against shoulder surfers and other evildoers.
Anyway, in Python, there is a module named “getpass” that serves this exact purpose. It is part of the Python standard library, so no need to go pip installing it or anything just yet.
I figured it might be useful to make note of it here just so you can see how trivial it is to safely accept user input, and perhaps write a demo app using python-paramiko showing how this might be used in practice.
Now, to show use with Paramiko, say we want to write a program that logs into a remote host, checks uptime, and displays the uptime for you.
In this example, we use raw_input (called input in Python 3) to do this. raw_input is not a good idea for accepting passwords, as it echoes back to the terminal, but it is fine for usernames.
See? It echoes back to the terminal!
So instead, we use getpass.getpass to do this, and it is a far safer way to accept the password.
As you can see, it does NOT echo back the password to the terminal!
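A sketch of the uptime checker described above, as an added example rather than the post's original listing. It is written for Python 3 (so `input` stands in for `raw_input`); the function names `read_password` and `check_uptime` are chosen here, and the refusal to read when echo cannot be disabled and the strict host-key policy are additions the post does not mention.

```python
import getpass
import warnings


def read_password(prompt="Password: ", reader=getpass.getpass):
    """Read a password without echo; refuse if echo cannot be disabled."""
    with warnings.catch_warnings():
        # When getpass cannot control the terminal (piped stdin, some IDEs)
        # it falls back to plain, echoing input and emits GetPassWarning.
        # Promote that warning to an error so the password is never echoed.
        warnings.simplefilter("error", getpass.GetPassWarning)
        try:
            password = reader(prompt)
        except getpass.GetPassWarning:
            raise RuntimeError("cannot disable echo; refusing to read password")
    if not password:
        raise ValueError("empty password")
    return password


def check_uptime(host, username, password, port=22):
    """Run `uptime` on the remote host over SSH and return its output."""
    import paramiko  # third-party: pip install paramiko

    client = paramiko.SSHClient()
    client.load_system_host_keys()
    # Reject unknown host keys instead of silently trusting them.
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    try:
        client.connect(host, port=port, username=username, password=password,
                       allow_agent=False, look_for_keys=False, timeout=10)
        _stdin, stdout, _stderr = client.exec_command("uptime")
        return stdout.read().decode().strip()
    finally:
        client.close()


if __name__ == "__main__":
    host = input("Host: ")          # echo is fine for non-secrets
    username = input("Username: ")
    password = read_password()      # never echoed to the terminal
    print(check_uptime(host, username, password))
```

The `reader` parameter exists so the prompt can be replaced in tests; in normal use it stays at `getpass.getpass`.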
Hopefully you will understand the point of all this, and use safer ways to accept user input into your applications :)
Footnote: Currently importing old stuff from old blogs and stuff to one centralized location, which is why you may recognise this from elsewhere. Little identity crisis caused a fragmenting of online presence :P