cancel
Showing results for 
Search instead for 
Did you mean: 

how to encrypt password in kdb q handle.

abhi_raghu1988
New Contributor
Hello Masters,

I am new to q kdb and so please help with my query.

I am trying to open the handle to the test environment like below my question is how I can encrypt my password or if there is any way I can avoid hardcoding it.

env:`$":myurl:port:username:password"

Thanks In advance
Abhishek
2 REPLIES 2

abhi_raghu1988
New Contributor
Hello Chen,

Thanks for your reply.

My concern here is still we are giving password in below code as plain text which is a security concern.

To connect to server as a client:
q)h:hopen `::14000:Tom:a2b

q)pw                                                                         // password for each user

`a2b`c5d`e8f

Regards,
Abhishek

Hi,

You can use environment or command line variables:

george@pc$ export NAME=Tom
george@pc$ export PASS=a2b
george@pc$ q
q)`$":" sv ("";"";"14000"),getenv each `NAME`PASS
`::14000:Tom:a2b

george@pc$ q -name Tom -pass a2b
q)params:.Q.opt .z.X
q)`$":"sv("";"";"14000"),raze params `name`pass
`::14000:Tom:a2b

The password will still be available in the process, and will be transmitted in plain text. strace gives...

q)hopen `::14000:Tom:a2b

[pid 17895] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 6
[pid 17895] setsockopt(6, SOL_TCP, TCP_NODELAY, [1], 4) = 0
[pid 17895] setsockopt(6, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
[pid 17895] setsockopt(6, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
[pid 17895] connect(6, {sa_family=AF_INET, sin_port=htons(14000), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
[pid 17895] sendto(6, "Tom:a2b\6\0", 9, 0, NULL, 0) = 9
[pid 17895] recvfrom(6, "\6", 1, 0, NULL, NULL) = 1

Avoiding that requires ssl: https://code.kx.com/q/kb/ssl/

Best,
George