Don't put the user names or passwords in the script put them in a file only readable by SYSTEM
On 12/6/05, Tomasz Chmielewski <[EMAIL PROTECTED]> wrote: > Svend Sorensen schrieb: > > On 12/4/05, nidhog <[EMAIL PROTECTED]> wrote: > > > >>On 12/4/05, Christopher Faylor <[EMAIL PROTECTED]> wrote: > >> > >>>On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote: > >>> > >>>>I have a little open-source project, which eases Windows administration > >>>>a bit. > >>>> > >>>>In some of the scripts, I use usernames and passwords (to get to a > >>>>password-protected network share etc.). > >>>>Because they are scripts, username and password is in plain. > >>>> > >>>>Although the script files are only readable by SYSTEM and > >>>>Administrators, if a disk is stolen, someone could easily get the > >>>>passwords by doing simple "grep -r password ./*". > >>>> > >>>>Do you know some tool which could "encode" scripts? > >> > >>instead of storing them plaintext, why don't you try encoding them via > >>cryptographic hashes - md5, sha1, tiger and the like. > > > > > > How is the script going to get the plaintext password if all it has is > > a one way hash? > > I don't really care, perhaps it won't be any one way hash anyway. > > It is to be a measure to prevent an accidental viewing of > usernames/passwords rather than some "military grade" tool which takes > 100 years to break on a supercomputer. > > > -- > Tomek > http://wpkg.org > WPKG - software deployment and upgrades with Samba > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Problem reports: http://cygwin.com/problems.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ > > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
