+17Has anyone found a way to run a script via the JSS with secure parameters? For example, if I want a script to make some API calls, I need to keep the account credentials obscured from the user. As it is now, the parameters for a script are visible via "ps -e" while it is running.
Edit: I am using bash, is there another language/shell I can use that would not display parameters?
+24If you create a quick add package with the account you want to use, the script in that package will have the hash of the account password. Unless something's changed recently, you can safely use that in your script and the JSS will use the hashed password.
+16Im not certain if this would help in this case, but I'll just post it anyway in case you haven't seen it - https://github.com/jamfit/Encrypted-Script-Parameters
+17Yeah, I ended up doing something similar on my own with openssl and aes-256 encrypting the parameters with a salt embedded in the script. Of course, the "ps -e" command shows the path of the script it is executing in addition to the parameters, so a sufficiently-motivated user with admin rights could capture the script and the decryption salt and reverse-engineer everything.
It's incredibly unlikely, but at the end of the day it's "security through obscurity" which I don't like, but I don't think I can come up with anything better due to the way the OS functions.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
