Several configuration parameters contains (or can contain) security data like user names, passwords, certificates, cert-keys and so on. The values of all those parameters are stored encrypted in assp.cfg. If such a parameter allows the usage of the 'file:' option and this option is used, the defined file will be also stored encrypted. If such a file contains a '# include ...' statement, the included file will be also stored encrypted. But it is possible to include the same file in a secured and a unsecured parameter - there was an issue. There were some other conditions, that have prevented the secured inclusion of a file. For example - assp has already stored such a file encrypted in the past, but the file was overwritten by an external application with plain text. Or - assp has stored the included file encrypted, the include statement was removed, the file was replaced with plain text and the include statment was reimplemented.
2.4.6 build 15257 is able to deal with all possible conditions >How would ASSP know how to decrypt an included file? simple answer: because assp has encypted the file - it knows how to decrypt the file. Thomas Von: K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 14.09.2015 19:51 Betreff: Re: [Assp-test] fixes in assp 2.4.6 build 15257 What do you mean by "encrypted?" How would ASSP know how to decrypt an included file? I did notice an oddity when I changed my group definition file from executing a perl script to having that perl script run externally and then using an include instead. If those include files were in the cfg folder, they wouldn't work and would instead be scrambled. I moved them to their own folder and all was okay. Is that what you mean? On Mon, Sep 14, 2015 at 7:37 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > Hi all, > > fixed in assp 2.4.6 build 15257: > > - encrypted include files (# include file) were some times not processed > correctly > > Thomas > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
