Re: Security/FTP log in info
on 9/17/01 3:17 AM, Raymond E. Griffith at [EMAIL PROTECTED] wrote: > A script encrypted with a password in entirely unreadable by a text editor. > When running in MC, access to all scripts are restricted without the > passkey. However anything else is accessible, including custom properties. > > You can "set" a script with another script, but the user who runs it will > run into the ten-line limitation if running the starter kit. But if you > "set" a script without the "on handlername" or "function functionname" > headers that show a script then you can use the script as a general > container. > > As for *how* secure the passkey is -- I believe that the MC readme refers to > it as a rather weak form of encryption. I know that Scott says if you forget > a password you can send your stack to him and get it removed for a fee. If > Scott considers the encryption to be weak, I'd say that it may well be. But > on the face of it the level of encryption should be daunting enough to make > most people shy away from trying to guess an "unguessable" password. Excellent insights, very useful, thanks. Now, final question relates your insights to previous one: It was said that when a standalone is built, the stack script is encrypted also. And it would indeed appear not so, I examined one of my stand alones in BBEdit and the stack script was quite visible... so, looks like your proposal is the best one so far. Password protected substack...will have to set though...if one can in fact extract data from a password protected substack with out opening it. Hinduism Today Sivakatirswami Editor's Assistant/Production Manager [EMAIL PROTECTED] www.HinduismToday.com, www.HimalayanAcademy.com, www.Gurudeva.org, www.hindu.org Statement on America Under Attack And August 2000 Address made at the United Nations on Stopping the War in the Home: http://www.saivasiddhanta.org/hawaii/church/policy/attack_on_america_9112001 .html Archives: http://www.mail-archive.com/metacard@lists.runrev.com/ Info: http://www.xworlds.com/metacard/mailinglist.htm Please send bug reports to <[EMAIL PROTECTED]>, not this list.
Re: Security/FTP log in info
on 9/16/01 1:00 AM, David Bovill <[EMAIL PROTECTED]> at [EMAIL PROTECTED] wrote: > The only thing that is encrypted is the stack script - but you can always > use this as a container to store your log - there is no reason why not (and > my understanding is that it is fairly secure - maybe not a good place to > store your credit card details - but still pretty difficult to crack without > low level tools). Ok then, so a function in the stack script such as function get_login_data put "host.server.com" & cr & \ "UserName" & cr & \ "Password" into logInData return logInData end get_login_data That could be called later from anywhere..and return three lines of the necessary data should work. And this would get encrypted in a password protected Standalone application. Thanks Hinduism Today Sivakatirswami Editor's Assistant/Production Manager [EMAIL PROTECTED] www.HinduismToday.com, www.HimalayanAcademy.com, www.Gurudeva.org, www.hindu.org Statement on America Under Attack And August 2000 Address made at the United Nations on Stopping the War in the Home: http://www.saivasiddhanta.org/hawaii/church/policy/attack_on_america_9112001 .html Archives: http://www.mail-archive.com/metacard@lists.runrev.com/ Info: http://www.xworlds.com/metacard/mailinglist.htm Please send bug reports to <[EMAIL PROTECTED]>, not this list.
Re: Security/FTP log in info
on 9/16/01 1:00 AM, David Bovill <[EMAIL PROTECTED]> at [EMAIL PROTECTED] wrote: > The only thing that is encrypted is the stack script - but you can always > use this as a container to store your log - there is no reason why not (and > my understanding is that it is fairly secure - maybe not a good place to > store your credit card details - but still pretty difficult to crack without > low level tools). Ok then, so a function in the stack script such as function get_login_data put "host.server.com" & cr & \ "UserName" & cr & \ "Password" into logInData return logInData end get_login_data That could be called later from anywhere..and return three lines of the necessary data should work. And this would get encrypted in a password protected Standalone application. Thanks Hinduism Today Sivakatirswami Editor's Assistant/Production Manager [EMAIL PROTECTED] www.HinduismToday.com, www.HimalayanAcademy.com, www.Gurudeva.org, www.hindu.org Statement on America Under Attack And August 2000 Address made at the United Nations on Stopping the War in the Home: http://www.saivasiddhanta.org/hawaii/church/policy/attack_on_america_9112001 .html Archives: http://www.mail-archive.com/metacard@lists.runrev.com/ Info: http://www.xworlds.com/metacard/mailinglist.htm Please send bug reports to <[EMAIL PROTECTED]>, not this list.
Re: Security/FTP log in info
on Sat, 15 Sep 2001 12:24:23 +0100 David Bovill at <[EMAIL PROTECTED]> wrote \ > > The only thing that is encrypted is the stack script - but you can always > use this as a container to store your log - there is no reason why not (and > my understanding is that it is fairly secure - maybe not a good place to > store your credit card details - but still pretty difficult to crack without > low level tools). > >> on Fri, 14 Sep 2001 18:29:39 -1000 Sivakatirswami <[EMAIL PROTECTED]> wrote >> >> Question... if the stack is encrypted with a password, would the the FTP log >> in access info be unreadable? how secure would it be...really? > > A script encrypted with a password in entirely unreadable by a text editor. When running in MC, access to all scripts are restricted without the passkey. However anything else is accessible, including custom properties. You can "set" a script with another script, but the user who runs it will run into the ten-line limitation if running the starter kit. But if you "set" a script without the "on handlername" or "function functionname" headers that show a script then you can use the script as a general container. As for *how* secure the passkey is -- I believe that the MC readme refers to it as a rather weak form of encryption. I know that Scott says if you forget a password you can send your stack to him and get it removed for a fee. If Scott considers the encryption to be weak, I'd say that it may well be. But on the face of it the level of encryption should be daunting enough to make most people shy away from trying to guess an "unguessable" password. But only Scott -- or a hacker -- would be able to tell you "how" secure your log or scripts would be. The "ask password" encryption is reductive. I rather suspect that the stack password encryption is as well, but the form is different. The "ask password" is interesting, though. Used in a script you could do something like this: ask password "Please enter your clearance code" if it is not "nm7?._Y~@IO,=|FsVO" then exit mouseup The interesting thing is that in order to get this, the user would have to type in "today and tomorrow". So even if someone has the ability to "see" a script, they may not be able to run the script as it stands without the password. Reversing the password would have to be a major pain I'm sure. Because the encryption is reductive, you might never be able to get the intended original back again. The cryptography placed into MC is interesting -- but I'm pretty sure Scott will never tell (right?). Hmmm. Thinking. How to make the stack password even *more* secure? Try using a script on a substack as a container and encoding the substack with an "ask password" (on preopenstack) as well as a stack password (that is different from the mainstack's password). The user would not even be able to open the substack without the password, and then they would have to face the prospect of a stack password to access a script. I'd venture to say that for ordinary users, you'd be pretty safe this way. Again, fascinating subject. I wish I had a bit more time to play with it. Cheers, Raymond Archives: http://www.mail-archive.com/metacard@lists.runrev.com/ Info: http://www.xworlds.com/metacard/mailinglist.htm Please send bug reports to <[EMAIL PROTECTED]>, not this list.
Re: Security/FTP log in info
The only thing that is encrypted is the stack script - but you can always use this as a container to store your log - there is no reason why not (and my understanding is that it is fairly secure - maybe not a good place to store your credit card details - but still pretty difficult to crack without low level tools). > From: Sivakatirswami <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Fri, 14 Sep 2001 18:29:39 -1000 > To: [EMAIL PROTECTED] > Subject: Security/FTP log in info > > Question... if the stack is encrypted with a password, would the the FTP log > in access info be unreadable? how secure would it be...really? Archives: http://www.mail-archive.com/metacard@lists.runrev.com/ Info: http://www.xworlds.com/metacard/mailinglist.htm Please send bug reports to <[EMAIL PROTECTED]>, not this list.
Security/FTP log in info
First: our hearts and prayers go out to all those affected by the terrible events of the 11th, let us hope our leaders are successful in the endeavors... (see below for more if you are interested) I asked this question in a message with several other questions and never got an answer...so, try again... With 2.4 we see great tools down the road for creating interfaces for delegation of web tasks. In many instances we would like individuals to have access for very specific tasks but not give them access to the site globally. The idea would be to embed the FTP log in info into some specialized toolbox stack/standalone. Question... if the stack is encrypted with a password, would the the FTP log in access info be unreadable? how secure would it be...really? Hinduism Today Sivakatirswami Editor's Assistant/Production Manager [EMAIL PROTECTED] www.HinduismToday.com, www.HimalayanAcademy.com, www.Gurudeva.org, www.hindu.org Statement on America Under Attack And August 2000 Address made at the United Nations on Stopping the War in the Home: http://www.saivasiddhanta.org/hawaii/church/policy/attack_on_america_9112001 .html Archives: http://www.mail-archive.com/metacard@lists.runrev.com/ Info: http://www.xworlds.com/metacard/mailinglist.htm Please send bug reports to <[EMAIL PROTECTED]>, not this list.