How to set up a secure password-protected connection between R and a server

Tags:

security

r

I edited this question to clarify why I asked this question again (I had weak Google-Fu and found these rather old 1 2 3 pretty-much-duplicates only after posting).

Approaches to accessing password-protected resources that I've seen in the wild:

  1. Plaintext storage in script (might often end up being shared, or in a Dropbox)
  2. Plaintext storage in a config script
  3. You can do password = readline("Password: ") but of course the password ends up in plaintext in the console (and thus in console logs etc.), so might as well store it in a plaintext config file.
  4. I found this little trick to avoid displaying the password in the Terminal, but running system("stty -echo") on OS X Mavericks leads to the error stty: stdin isn't a terminal, so I guess it wouldn't be particularly portable.
  5. Using tcltk. Has the unfortunate effect of making Rstudio crash and being difficult to install.
  6. keychain. It's not on CRAN, so I don't think I can use this as a first-line approach, I'd also like a bit more detail about where and how passwords are stored on various systems (i.e. will it end up in plaintext on Windows?).
  7. Access tokens, OAuth etc. seem to have similar problems.

I don't know any R packages which use PGP for connections? Probably also a bit difficult for newbie users.

I'm not asking for myself mainly, but I want to provide somewhat sensible defaults for nontechnical users who might store plaintext passwords enabling access to sensitive data in their Dropbox.

Unlike others who asked similar questions, I could also change the server-side of things if I had a better approach.

Are there best-practice approaches that I'm currently missing? My focus on interactive sessions is because I assume that's how most nontechnical types use R, but of course it would be nice if it worked during e.g. knitr report generation too.

Ruben asked Mar 21 '14 15:03


1 Answer

Some suggestions to solve your problem securely. These solutions apply to all programming languages.

  1. Establish a secure connection to your resource without R, like an SSL tunnel.
  2. If you need a secure password in R to establish a secure connection, then you can read this from a secure config file and remove this password variable if you don't use the password anymore. A secure config file is a config file that is not part of your code repository (Git, SVN, ...). You have to manage your secret independently of your code. This means separating your code and your secrets. One simple way is to put your private and secure secret in your private and secure user home directory. Then you have delegated your security problem to your operating system. Your secret is now as safe as your OS and your home directory. Please check the rights of your home directory and enable file system encryption if it is off. Notice, this is the way Maven handles passwords.
  3. You get more security if you encrypt your password/secret config file. Then you have a second line of defense.

For most applications, point 2 is enough.

Notice, be sure that your secret is not deployed with your code. You need a second way to manage and deploy your secret to production systems.

Notice, be sure that if your program jams, your secret is not in memory anymore.

Notice, always use strong algorithms for encryption. Don't implement your own security algorithm; it is a high-complexity task. Better to use standard implementations of strong encryption algorithms.

Mirko Ebert answered Oct 10 '22 01:10

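As an added example (not code from the question or the answer), this is what the answer's point 2 can look like in R: the secret lives in a key=value file under the home directory, the file is refused if other users can read it, and the variable is dropped as soon as the connection is made. The path ~/.myapp/credentials, the key name db_password and the DBI/RPostgres connection details are placeholders assumed for illustration; the permission check covers POSIX modes only, not Windows ACLs.

```r
# Added example (not from the question or the answer). Assumed placeholders:
# the secret file ~/.myapp/credentials, the key "db_password", and the
# DBI/RPostgres connection details.

read_secret <- function(key, path = "~/.myapp/credentials") {
  path <- path.expand(path)
  if (!file.exists(path)) {
    stop("secret file not found: ", path,
         " (create it outside your code repository)")
  }
  # On POSIX systems refuse a file that group or others can read, i.e. anything
  # looser than mode 0600. The Windows ACL model is not checked here.
  if (.Platform$OS.type == "unix") {
    mode <- as.integer(file.info(path)$mode)
    if (bitwAnd(mode, as.integer(as.octmode("077"))) != 0L) {
      stop("secret file is readable by other users; fix with: chmod 600 ",
           shQuote(path))
    }
  }
  # File format: one key=value per line; blank lines and # comments are ignored.
  lines <- trimws(readLines(path, warn = FALSE))
  lines <- lines[nzchar(lines) & !startsWith(lines, "#")]
  kv    <- strsplit(lines, "=", fixed = TRUE)
  keys  <- trimws(vapply(kv, `[`, "", 1))
  vals  <- trimws(vapply(kv, function(x) paste(x[-1], collapse = "="), ""))
  if (!key %in% keys) stop("key '", key, "' not found in ", path)
  vals[match(key, keys)]
}

# Keep the secret in scope only while it is needed. rm() drops the variable
# from the workspace, but R gives no guarantee that the bytes are overwritten
# in memory; this is as close as plain R gets to the answer's advice.
connect_with_secret <- function() {
  pw <- read_secret("db_password")
  on.exit(rm(pw), add = TRUE)          # runs even if dbConnect() errors
  DBI::dbConnect(RPostgres::Postgres(),
                 host = "db.example.org", user = "analyst", password = pw)
}
```

The credentials file itself should be created by hand with `chmod 600` and never committed; a `.gitignore` entry for it is a useful second guard.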