How do I prevent exposure of my password when using RGoogleDocs?_问答_开发者

I love RGoogleDocs and use it a lot. However, I don't like entering my password all the time. Obviously I could just type the password into the R script and would never have to enter it again. But thats not viable since it means that my password would be left unencrypted on my harddrive. Furthermore I share my scripts with colleagues.

To get around the problem I came up with this.

if(exists("ps")){
  print("got password, keep going")
} else {
  ps <-readline(prompt="get the password in ")
}

options(RCurlOptions = list(
  capath = system.file("CurlSSL", "cacert.pem", 
  package = "RCurl"), ssl.verifypeer = FALSE)
)

sheets.con = getGoogleDocsConnection(
  getGoogleAuth("notreal@gmail.com", ps, service ="wise")) 

#WARNING: this would prevent curl from detecting a 'man in the middle' attack
ts2=getWorksheets("hpv type",sheets.con)

I love using RStudio. I feel uncomfortable that it is displaying my password for any colleague in my office at the time to see. I used a fake password but look at the image.

How do I prevent exposure of my password when using RGoogleDocs?

. Furthermore, if I saved a workspace my password would be saved with it and I am afraid that I would be giving it to someone else if, a few months later, when I had long forgotten about what was in it, I sent my .开发者_JS百科RData file to a colleague.

I read something general about passwords in R in an earlier post. It did not give me enough information to be able to conceal my password when using RGoogleDocs.

My approach is to set the login-name & password in the R options list within the R startup file .Rprofile. Then my code gets the value with getOption() and then the value is never visible or stored in a top-level variable in globalenv(). (It could be save if one does post-mortem debugging via dump.frames).

It is vital that the .Rprofile cannot be read by anybody other than you.

options(GoogleDocsPassword = c(login = 'password'))

in the .Rprofile and then

auth = getGoogleAuth()

just works as the default value for the first parameter is to look for the GoogleDocsPassword option.

I had the same problem, and no real solution. The workaround I use is, I create a google account just for this purpose, with a password that I do not care about. I then share the documents that I want R to access with that account.

But if someone has an answer to the initial question I am interested as well.

Seems like uou could store the password in your options and the instead of "ps" directly use "getOption". LIkely there are better solutions though.

You could store the password in a file on you computer, encoded and all and call it with somthing like

getPassword <- function(file = location of password file){unencode(readLines(file))}

set this in your .Rprofile and use in the code

getPassword().

This doesn't store your password in any R files and you can build in checks in the file.

If you really don't want to store it anywhere, then one solution to this is not to use a variable for the password, maybe even for the google account address! Building on the linked answer, why not try

library(tcltk)
library(RGoogleDocs)

getHiddenText <- function(label = "Enter text:", symbol = "*", defaultText = ""){  
    wnd <- tktoplevel()
    entryVar <- tclVar(defaultText)  
    tkgrid(tklabel(wnd, text = label))
    #Entry box
    tkgrid(entryBox <- tkentry(wnd, textvariable = entryVar, show = symbol))
    #Hitting return will also submit text
    tkbind(entryBox, "<Return>", function() tkdestroy(wnd))
    #OK button
    tkgrid(tkbutton(wnd, text="OK", command=function() tkdestroy(wnd)))
    #Wait for user to submit  
    tkwait.window(wnd)
    return(tclvalue(entryVar))
}  

repeat {
    con <- try(getGoogleDocsConnection(getGoogleAuth(
        getHiddenText(
            label = "Enter google account:",
            symbol = "", # or set to "*" to obscure email entry
            defaultText = "@gmail.com"), # a little timesaver
        getHiddenText(
            label = "Enter password:",
            symbol = "*",
            defaultText = ""),
        service = "wise")))
    if (inherits(con, "try-error")) {
        userResponse <- tkmessageBox(
            title = "Error",
            message = "Couldn't connect to Google Docs. Try again?",
            icon = "error", type = "yesno")
        if (tclvalue(userResponse) == "no") {
            stop("Unable to connect to Google Docs, user cancelled.")
        }        
    } else { # connection successfully authenticated
        break() # so escape the repeat loop
    }
}

For things like this I share the google doc with a made up email address, create a google account and then use it for sharing and authorization. Thus, seperating my personal login details from what's necessasry for the script to run.

what about 2 step authentication with application specific password ? you can use the application specific password without revealing your real one. and you can revoke it if you want !