-------------------------------------------------- --------- [EMAIL PROTECTED] wrote: ------------ From: Joe Shen <[EMAIL PROTECTED]>
thanks , I tried with the script it works. but security problem still exists. > I mean, if someone get login password and enable > password, he could do anything he want. So, on > ERX1440, the account should be restricted to ONLY > to fecth configuration or show interface status. > ---------------------------------- > > The passwords are encrypted: > > password 5 1k8ObM~O#Y.c.G!8_EH& > > enable password level 10 7 [EMAIL PROTECTED]<qF|P!R=Pg4n the above solution just confirm that people will not get password by looking at configuration file. But, the script itself has clear text password included. People could get password by looking at script.... Is there any way to set up priviledge ability on E320? ---------------------------------------------------------- ---------------------------------------------------------- There is a security risk if you don't lock down the directory where the PERL program is located. Set permissions that will allow only those who have enable to get into the directory where the program is located. That's why I said this: "The main concern for some folks will be that the password is in clear text on the Unix server where the PERL programs reside (since most folks here are Micro$loth people, I don't have to worry too much... :-) If that's a concern, be sure to lock down the directory where the .pl programs reside very well." If you lock down the directory where the program is and allow all others access to the directory where the backups are, you can mitigate this security risk because the backups have the encrypted passwords. scott ----------------------------- _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
