Svend Sorensen schrieb:
On 12/4/05, nidhog <[EMAIL PROTECTED]> wrote:
On 12/4/05, Christopher Faylor <[EMAIL PROTECTED]> wrote:
On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
I have a little open-source project, which eases Windows administration
a bit.
In some of the scripts, I use usernames and passwords (to get to a
password-protected network share etc.).
Because they are scripts, username and password is in plain.
Although the script files are only readable by SYSTEM and
Administrators, if a disk is stolen, someone could easily get the
passwords by doing simple "grep -r password ./*".
Do you know some tool which could "encode" scripts?
instead of storing them plaintext, why don't you try encoding them via
cryptographic hashes - md5, sha1, tiger and the like.
How is the script going to get the plaintext password if all it has is
a one way hash?
I don't really care, perhaps it won't be any one way hash anyway.
It is to be a measure to prevent an accidental viewing of
usernames/passwords rather than some "military grade" tool which takes
100 years to break on a supercomputer.
--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/