Mail Archives: cygwin/2005/12/06/14:58:24
Don't put the user names or passwords in the script put them in a file
only readable by SYSTEM
On 12/6/05, Tomasz Chmielewski <mangoo AT wpkg DOT org> wrote:
> Svend Sorensen schrieb:
> > On 12/4/05, nidhog <nidhog AT gmail DOT com> wrote:
> >
> >>On 12/4/05, Christopher Faylor <cgf-no-personal-reply-please AT cygwin DOT com> wrote:
> >>
> >>>On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
> >>>
> >>>>I have a little open-source project, which eases Windows administration
> >>>>a bit.
> >>>>
> >>>>In some of the scripts, I use usernames and passwords (to get to a
> >>>>password-protected network share etc.).
> >>>>Because they are scripts, username and password is in plain.
> >>>>
> >>>>Although the script files are only readable by SYSTEM and
> >>>>Administrators, if a disk is stolen, someone could easily get the
> >>>>passwords by doing simple "grep -r password ./*".
> >>>>
> >>>>Do you know some tool which could "encode" scripts?
> >>
> >>instead of storing them plaintext, why don't you try encoding them via
> >>cryptographic hashes - md5, sha1, tiger and the like.
> >
> >
> > How is the script going to get the plaintext password if all it has is
> > a one way hash?
>
> I don't really care, perhaps it won't be any one way hash anyway.
>
> It is to be a measure to prevent an accidental viewing of
> usernames/passwords rather than some "military grade" tool which takes
> 100 years to break on a supercomputer.
>
>
> --
> Tomek
> http://wpkg.org
> WPKG - software deployment and upgrades with Samba
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Problem reports: http://cygwin.com/problems.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -