JaredWilliams Posted June 15, 2017 Share Posted June 15, 2017 Is there any way to open the clipboard.alfdb in any terminal program so that I can remove sensitive data and replace it with something like "PASSWORDREMOVED" without corrupting the data file? Is it in any certain data format? Like if it was SQLite I could make the changes through there I know you can do function-backspace to remove entries from the clipboard, however, i just want to remove the sensitive data not the whole line from the clipboard. Thank you, Jared https://jared.nyc https://devopschat.co Link to comment
JaredWilliams Posted June 15, 2017 Author Share Posted June 15, 2017 (edited) just tried doing sqlite3 clipboard.alfdb and that worked So I wrote this quick update statement anyone in the future might want to use Steps: 1. Open the DB by doing: sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" 2. If you want to see how many times your password, or sensitive data, is in the clipboard run this query (replace where it says YOURPASSWORD with your password or any sensitive data): SELECT COUNT(item) FROM clipboard WHERE item LIKE '%YOURPASSWORD%'; 3. Run this query (replace where it says YOURPASSWORD with your password or any sensitive data you want to remove like APIKeys, etc): UPDATE clipboard SET item = replace( item, 'YOURPASSWORD', 'PasswordRemoved') WHERE item LIKE '%YOURPASSWORD%'; 4. Run the SELECT from step 2 again And heres a quick script i wrote that you can run whenever. Change where it says 'PasswordToRemove' to your password. Also you can pass data to the script as a parameter, however, if that parameter is missing it just defaults to whatever text you have as 'PasswordToRemove' #!/bin/bash DInput=$1 YourPassword="PasswordToRemove" StringToRemove="${DInput:-$YourPassword}" COUNT=$(sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" "SELECT COUNT(item) FROM clipboard WHERE item LIKE '%$StringToRemove%';") sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" "UPDATE clipboard SET item = replace( item, '$StringToRemove', 'PasswordRemoved') WHERE item LIKE '%$StringToRemove%';" POSTCOUNT=$(sqlite3 "~/Library/Application Support/Alfred 3/Databases/clipboard.alfdb" "SELECT COUNT(item) FROM clipboard WHERE item LIKE '%$StringToRemove%';") echo "Sensitive Data Count: $COUNT" echo "Removing Sensitive Data....." echo "Count after Scrubbing: $POSTCOUNT" So you can run /usr/local/bin/AlfredDataScrubber and it will replace the string 'PasswordToRemove' with 'PasswordRemoved' or you can run /usr/local/bin/AlfredDataScrubber "LongAPIKey" and it will replace the string 'LongAPIKey' with 'PasswordRemoved' Edited June 15, 2017 by JaredWilliams Link to comment
deanishe Posted June 15, 2017 Share Posted June 15, 2017 Which password program are you using? Properly written ones mark copied passwords as sensitive and Alfred doesn't remember them in the first place. Editing Alfred's (or any app's) internal data is not a particularly smart thing to do. Link to comment
JaredWilliams Posted June 15, 2017 Author Share Posted June 15, 2017 I work a lot in the terminal and a lot of other programs. I use 1password and it doesn't save the password. But there has been stuff I've copied from safari like API keys and passwords. etc. so it helps to have a way to remove it. and since its SQLite and I've tested this for a couple hours now, doesn't affect Alfred in any negative way. Link to comment
deanishe Posted June 15, 2017 Share Posted June 15, 2017 (edited) 44 minutes ago, JaredWilliams said: I've tested this for a couple hours now You aren't escaping the input. Any password with ' in it will cause the script to die in flames. I also have to question the wisdom of saving a password in a script. That's a great way to accidentally upload sensitive data to GitHub. Finally, if you pass it a password on the command line, you're just swapping a password in your clipboard history for one in your shell history. The proper solution would be to file a feature request for an alternate Hotkey that copies text without remembering it or the ability to delete entries from the history via Alfred. Edited June 15, 2017 by deanishe vitor 1 Link to comment
vitor Posted June 15, 2017 Share Posted June 15, 2017 Agreed with @deanishe. Particularly since all you’re doing is moving your password from one place to another — you’re still saving it in plain text in the script — so it’s not really that much secure. But since you need the feature now, you could indeed just change the script to get the password as an argument from the command line. That would make it more flexible, even. But make sure you HISTCONTROL=ignorespace in bash or setopt hist_ignore_space in zsh. Add that to your shell’s startup files and any command you type that’s preceded by a space will not be saved to history. Alternatively, save the password to the Keychain and use security to retrieve it in the script. deanishe 1 Link to comment
deanishe Posted June 15, 2017 Share Posted June 15, 2017 Or read the password from STDIN instead of ARGV. That's how it's usually done in command-line programs. Keychain is definitely the best way, though, if there can be a "best way" of messing with an application's private data while it's running. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now