How do I prevent exposure of my password when using RGoogleDocs?

Asked 23/5, 2011 at 18:57 Answered 5/3, 2014 at 19:33

I love RGoogleDocs and use it a lot. However, I don't like entering my password all the time. Obviously I could just type the password into the R script and would never have to enter it again. But thats not viable since it means that my password would be left unencrypted on my harddrive. Furthermore I share my scripts with colleagues.

To get around the problem I came up with this.

if(exists("ps")){
  print("got password, keep going")
} else {
  ps <-readline(prompt="get the password in ")
}

options(RCurlOptions = list(
  capath = system.file("CurlSSL", "cacert.pem", 
  package = "RCurl"), ssl.verifypeer = FALSE)
)

sheets.con = getGoogleDocsConnection(
  getGoogleAuth("[email protected]", ps, service ="wise")) 

#WARNING: this would prevent curl from detecting a 'man in the middle' attack
ts2=getWorksheets("hpv type",sheets.con)

I love using RStudio. I feel uncomfortable that it is displaying my password for any colleague in my office at the time to see. I used a fake password but look at the image. my password would be in plain view for all to see in RStudio . Furthermore, if I saved a workspace my password would be saved with it and I am afraid that I would be giving it to someone else if, a few months later, when I had long forgotten about what was in it, I sent my .RData file to a colleague.

I read something general about passwords in R in an earlier post. It did not give me enough information to be able to conceal my password when using RGoogleDocs.

Siloxane answered 23/5, 2011 at 18:57 Comment(1)

If you are using Windows, see https://mcmap.net/q/430120/-encrypt-password-in-r-to-connect-to-an-oracle-db-using-rodbc – Changeable 20/4, 2016 at 22:50

My approach is to set the login-name & password in the R options list within the R startup file .Rprofile. Then my code gets the value with getOption() and then the value is never visible or stored in a top-level variable in globalenv(). (It could be save if one does post-mortem debugging via dump.frames).

It is vital that the .Rprofile cannot be read by anybody other than you.

options(GoogleDocsPassword = c(login = 'password'))

in the .Rprofile and then

auth = getGoogleAuth()

just works as the default value for the first parameter is to look for the GoogleDocsPassword option.

Hypothermal answered 23/5, 2011 at 19:30 Comment(5)

I am a bit lost. Let us assume that the login is "[email protected]" and the password was "12345". The how would option(GoogleDocsPassword = c(login = 'password')) look. Where does one put the line auth = getGoogleAuth()? Does it go in the Rprofile? – Siloxane 23/5, 2011 at 21:41

After setting the GoogleDocsPassword option just once outside of R in your .Rprofile, in any R session, you can use con = getGoogleDocsConnection() to create a connection. The point is that the functions know how to find the login and password to passively create a connection. You can even use getDocs() directly, but it is more efficient to create a connection just once with getGoogleDocsConnection() and pass this in each of the calls to the higher level functions. (Otherwise, we have more communication with Google to create a new connection each time.) – Hypothermal 24/5, 2011 at 0:12

I would not put a call to getGoogleAuth() or getGoogleDocsConnection() or anything of that nature in my .Rprofile. Why? Because I won't use GoogleDocs in every R session. I just call getGoogleDocsConnection() when I want a connection during that R session. Setting the option in the .Rprofile is just setting things up to be used if they are needed and not causing any problems if they are not. – Hypothermal 24/5, 2011 at 0:29

@sarnold That was not easy but I finally got it. It only took me 1.5 years. I added the following line to Rprofile.site which is in C:\Program Files\R\R-2.15.2\etc\. options(GoogleDocsPassword = c(fjbuch = 'zzfigmesseduponpurposekjeikdg'))#r specific password using Google authenticator. It was not easy to do that because you have to edit the security settings of the file look at sevenforums.com/general-discussion/…. – Siloxane 18/1, 2013 at 17:32

Then in my rscript I have sheets.con = getGoogleDocsConnection(getGoogleAuth(login = getOption("GoogleDocsPassword"),service ="wise")) followed by dataframe.name=getWorksheets("spreadsheetname in google docs",sheets.con) – Siloxane 18/1, 2013 at 17:34

I had the same problem, and no real solution. The workaround I use is, I create a google account just for this purpose, with a password that I do not care about. I then share the documents that I want R to access with that account.

But if someone has an answer to the initial question I am interested as well.

Beech answered 23/5, 2011 at 19:11 Comment(0)

Seems like uou could store the password in your options and the instead of "ps" directly use "getOption". LIkely there are better solutions though.

Curvilinear answered 23/5, 2011 at 19:28 Comment(0)

You could store the password in a file on you computer, encoded and all and call it with somthing like

getPassword <- function(file = location of password file){unencode(readLines(file))}

set this in your .Rprofile and use in the code

getPassword().

This doesn't store your password in any R files and you can build in checks in the file.

Aargau answered 5/12, 2011 at 11:8 Comment(0)

If you really don't want to store it anywhere, then one solution to this is not to use a variable for the password, maybe even for the google account address! Building on the linked answer, why not try

library(tcltk)
library(RGoogleDocs)

getHiddenText <- function(label = "Enter text:", symbol = "*", defaultText = ""){  
    wnd <- tktoplevel()
    entryVar <- tclVar(defaultText)  
    tkgrid(tklabel(wnd, text = label))
    #Entry box
    tkgrid(entryBox <- tkentry(wnd, textvariable = entryVar, show = symbol))
    #Hitting return will also submit text
    tkbind(entryBox, "<Return>", function() tkdestroy(wnd))
    #OK button
    tkgrid(tkbutton(wnd, text="OK", command=function() tkdestroy(wnd)))
    #Wait for user to submit  
    tkwait.window(wnd)
    return(tclvalue(entryVar))
}  

repeat {
    con <- try(getGoogleDocsConnection(getGoogleAuth(
        getHiddenText(
            label = "Enter google account:",
            symbol = "", # or set to "*" to obscure email entry
            defaultText = "@gmail.com"), # a little timesaver
        getHiddenText(
            label = "Enter password:",
            symbol = "*",
            defaultText = ""),
        service = "wise")))
    if (inherits(con, "try-error")) {
        userResponse <- tkmessageBox(
            title = "Error",
            message = "Couldn't connect to Google Docs. Try again?",
            icon = "error", type = "yesno")
        if (tclvalue(userResponse) == "no") {
            stop("Unable to connect to Google Docs, user cancelled.")
        }        
    } else { # connection successfully authenticated
        break() # so escape the repeat loop
    }
}

Lamellar answered 5/3, 2014 at 19:33 Comment(0)

For things like this I share the google doc with a made up email address, create a google account and then use it for sharing and authorization. Thus, seperating my personal login details from what's necessasry for the script to run.

Genocide answered 23/5, 2011 at 19:43 Comment(0)

what about 2 step authentication with application specific password ? you can use the application specific password without revealing your real one. and you can revoke it if you want !

Elaina answered 9/7, 2011 at 21:2 Comment(0)

Recommended topics

Hot tags