I have written some scripts that get called in html while a web page is loading. I have occasionally been required to pass credentials to some service in these scripts. An example would be:
stdout = subprocess.Popen( ["ldapsearch -H ldap://111.111.111.11"
+"-LLL -D "
+"\"CN=someAccountCN,OU=example,OU=example,OU=example group,DC=example,DC=com\" "
+"-x -w somePassword "
+"-b \"OU=example group,DC=example,DC=com\" "
+"\"("+group[0]+")\""], stdout=subprocess.PIPE, shell=True )
It is foreseeable that a user may be able to view the contents of this script, and I would like some way to keep these credentials private (ie not let them see 'someAccountCN' and 'somePassword'). How is this situation generally handled? It may be possible for me to call a different script, which is rx by root; that solution is fine, but a little clunky. I'm wondering if there are any other solutions.