X-Spam-Check-By: sourceware.org X-ORBL: [70.240.14.68] Date: Tue, 6 Dec 2005 14:02:14 -0600 From: Wayne Willcox To: cygwin AT cygwin DOT com Subject: Re: encoding scripts (so that user can't see passwords easily)? Message-ID: <20051206140214.A4275@reliant.immure.com> Reply-To: Wayne Willcox References: <4392D119 DOT 7080409 AT wpkg DOT org> <20051204173646 DOT GA28855 AT trixie DOT casa DOT cgf DOT cx> <7ff9c2a10512060949l72e9693bv251e0d46c36ea0e0 AT mail DOT gmail DOT com> <4395E827 DOT 4070804 AT wpkg DOT org> <61f6f4390512061158o5a2ef71by6e1a419c8e6499b3 AT mail DOT gmail DOT com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <61f6f4390512061158o5a2ef71by6e1a419c8e6499b3@mail.gmail.com>; from jim.drash@gmail.com on Tue, Dec 06, 2005 at 02:58:15PM -0500 X-Operating-System: FreeBSD reliant.immure.com 4.4-RELEASE FreeBSD 4.4-RELEASE X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com that would not solve the requirement of protecting the passwords if the disk was stolen. The scripts are supposedly already readable by system and admin only. On Tue, Dec 06, 2005 at 02:58:15PM -0500, Jim Drash wrote: > Don't put the user names or passwords in the script put them in a file > only readable by SYSTEM > > > On 12/6/05, Tomasz Chmielewski wrote: > > Svend Sorensen schrieb: > > > On 12/4/05, nidhog wrote: > > > > > >>On 12/4/05, Christopher Faylor wrote: > > >> > > >>>On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote: > > >>> > > >>>>I have a little open-source project, which eases Windows administration > > >>>>a bit. > > >>>> > > >>>>In some of the scripts, I use usernames and passwords (to get to a > > >>>>password-protected network share etc.). > > >>>>Because they are scripts, username and password is in plain. > > >>>> > > >>>>Although the script files are only readable by SYSTEM and > > >>>>Administrators, if a disk is stolen, someone could easily get the > > >>>>passwords by doing simple "grep -r password ./*". > > >>>> > > >>>>Do you know some tool which could "encode" scripts? > > >> > > >>instead of storing them plaintext, why don't you try encoding them via > > >>cryptographic hashes - md5, sha1, tiger and the like. > > > > > > > > > How is the script going to get the plaintext password if all it has is > > > a one way hash? > > > > I don't really care, perhaps it won't be any one way hash anyway. > > > > It is to be a measure to prevent an accidental viewing of > > usernames/passwords rather than some "military grade" tool which takes > > 100 years to break on a supercomputer. > > > > > > -- > > Tomek > > http://wpkg.org > > WPKG - software deployment and upgrades with Samba > > > > -- > > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > > Problem reports: http://cygwin.com/problems.html > > Documentation: http://cygwin.com/docs.html > > FAQ: http://cygwin.com/faq/ > > > > > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Problem reports: http://cygwin.com/problems.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ -- Slowly and surely the unix crept up on the Nintendo user ... Wayne Willcox I will not eat green eggs and ham wayne AT reliant DOT immure DOT com I will not eat them Sam I Am!! A wise person makes his own decisions, a weak one obeys public opinion. -- Chinese proverb -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/