Mail Archives: cygwin/2005/12/06/15:16:30

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2005/12/06/15:16:30

X-Spam-Check-By: sourceware.org

Message-ID: <4395F187.2020908@wpkg.org>

Date: Tue, 06 Dec 2005 21:16:07 +0100

From: Tomasz Chmielewski <mangoo AT wpkg DOT org>

User-Agent: Mozilla Thunderbird 1.0.7-3mdk (X11/20051015)

MIME-Version: 1.0

To: Wayne Willcox <wayne AT reliant DOT immure DOT com>

Cc: cygwin AT cygwin DOT com

Subject: Re: encoding scripts (so that user can't see passwords easily)?

References: <4392D119 DOT 7080409 AT wpkg DOT org> <20051204173646 DOT GA28855 AT trixie DOT casa DOT cgf DOT cx> <deca9ec80512042242h44317cexf2878291acddcc8a AT mail DOT gmail DOT com> <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0 AT mail DOT gmail DOT com> <4395E827 DOT 4070804 AT wpkg DOT org> <61f6f4390512061158o5a2ef71by6e1a419c8e6499b3 AT mail DOT gmail DOT com> <20051206140214 DOT A4275 AT reliant DOT immure DOT com>

In-Reply-To: <20051206140214.A4275@reliant.immure.com>

X-IsSubscribed: yes

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Wayne Willcox schrieb:

> On Tue, Dec 06, 2005 at 02:58:15PM -0500, Jim Drash wrote:
> 
>>Don't put the user names or passwords in the script put them in a file
>>only readable by SYSTEM

 > that would not solve the requirement of protecting the passwords
 > if the disk was stolen.  The scripts are supposedly already
 > readable by system and admin only.
 >

That's exactly what I mean (they are already readable by SYSTEM and 
admins only).

If the disk is stolen, it would add some extra time before the password 
is compromised.

Someone gave a clue here:

http://cygwin.com/ml/cygwin/2005-12/msg00181.html

"instead of storing them plaintext, why don't you try encoding them via
cryptographic hashes - md5, sha1, tiger and the like."

But I don't really know where to start (which tool should I use for it?)


-- 
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Spam-Check-By:	sourceware.org
Message-ID:	<4395F187.2020908@wpkg.org>
Date:	Tue, 06 Dec 2005 21:16:07 +0100
From:	Tomasz Chmielewski <mangoo AT wpkg DOT org>
User-Agent:	Mozilla Thunderbird 1.0.7-3mdk (X11/20051015)
MIME-Version:	1.0
To:	Wayne Willcox <wayne AT reliant DOT immure DOT com>
Cc:	cygwin AT cygwin DOT com
Subject:	Re: encoding scripts (so that user can't see passwords easily)?
References:	<4392D119 DOT 7080409 AT wpkg DOT org> <20051204173646 DOT GA28855 AT trixie DOT casa DOT cgf DOT cx> <deca9ec80512042242h44317cexf2878291acddcc8a AT mail DOT gmail DOT com> <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0 AT mail DOT gmail DOT com> <4395E827 DOT 4070804 AT wpkg DOT org> <61f6f4390512061158o5a2ef71by6e1a419c8e6499b3 AT mail DOT gmail DOT com> <20051206140214 DOT A4275 AT reliant DOT immure DOT com>
In-Reply-To:	<20051206140214.A4275@reliant.immure.com>
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com