delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2005/12/06/16:47:30

X-Spam-Check-By: sourceware.org
Message-ID: <61f6f4390512061347h2337ef8bj9c3184ee8762c6c8@mail.gmail.com>
Date: Tue, 6 Dec 2005 16:47:15 -0500
From: Jim Drash <jim DOT drash AT gmail DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: encoding scripts (so that user can't see passwords easily)?
In-Reply-To: <43960252.9010106@wpkg.org>
MIME-Version: 1.0
References: <4392D119 DOT 7080409 AT wpkg DOT org> <deca9ec80512042242h44317cexf2878291acddcc8a AT mail DOT gmail DOT com> <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0 AT mail DOT gmail DOT com> <4395E827 DOT 4070804 AT wpkg DOT org> <61f6f4390512061158o5a2ef71by6e1a419c8e6499b3 AT mail DOT gmail DOT com> <20051206140214 DOT A4275 AT reliant DOT immure DOT com> <4395F187 DOT 2020908 AT wpkg DOT org> <Pine DOT GSO DOT 4 DOT 63 DOT 0512061540330 DOT 35 AT slinky DOT cs DOT nyu DOT edu> <61f6f4390512061320s512a55e8n84f27e486db0596 AT mail DOT gmail DOT com> <43960252 DOT 9010106 AT wpkg DOT org>
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id jB6LlTEj028570 

Can you make it harder? Yes. I can think of lots of ways to make it
harder.  The easiest is to prompt them for the userid and passwords
that they need when they need them and don't store them at all.


On 12/6/05, Tomasz Chmielewski <mangoo AT wpkg DOT org> wrote:
> Jim Drash schrieb:
> > If someone can get physical access to the disk, then there is not a
> > single thing you can do to stop someone who is:
> >
> > 1) Knowledgeable
> > 2) Determined
> > 3) has time
> > 4) is a criminal
>
> But I could certainly stop someone who is *not* knowledgeable nor
> determined, and his "criminal cracking" gnowledge ends when he presses
> Enter after typing "grep -r password /".
>
> Why do you think mail clients, web browsers and other software don't
> store the passwords in plain?
>
>
>
> --
> Tomek
> http://wpkg.org
> WPKG - software deployment and upgrades with Samba
>
>

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019