This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: encoding scripts (so that user can't see passwords easily)?
On 12/4/05, Christopher Faylor <cgf-no-personal-reply-please@cygwin.com> wrote:
> On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
> >I have a little open-source project, which eases Windows administration
> >a bit.
> >
> >In some of the scripts, I use usernames and passwords (to get to a
> >password-protected network share etc.).
> >Because they are scripts, username and password is in plain.
> >
> >Although the script files are only readable by SYSTEM and
> >Administrators, if a disk is stolen, someone could easily get the
> >passwords by doing simple "grep -r password ./*".
> >
> >Do you know some tool which could "encode" scripts?

Instead of storing them in plaintext, why don't you try encoding them via
cryptographic hashes - md5, sha1, tiger and the like.

While it's still vulnerable to brute force if they get your hashed
passwords, you can mitigate the risk by requiring longer/more complex
passwords.

At least it's not as easy as grep'ping for the plaintext password left
alone naked all out in the open.
--
/nh
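
An added example, not part of the original post: the reply's idea of keeping a hash instead of the plaintext, written as a salted, iterated PBKDF2 record so that each brute-force guess against a stolen record costs more than a bare md5 or sha1 digest would. The record format, iteration count and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not from the thread).
ITERATIONS = 200_000
SALT_BYTES = 16


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable 'pbkdf2_sha256$iterations$salt$hash' record."""
    salt = os.urandom(SALT_BYTES)  # fresh salt per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a candidate password against a stored record."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed or tampered record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def unsalted_md5(password: str) -> str:
    """Bare digest, shown only for comparison with the salted record."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    secret = "constructed-Example-passphrase-42"  # constructed sample value
    record = make_record(secret)
    print(record)
    print(verify(secret, record), verify("wrong guess", record))
    # Two records for one password differ; two bare digests never do,
    # which is what makes precomputed lookup tables work against them.
    print(make_record(secret) != record)
    print(unsalted_md5(secret) == unsalted_md5(secret))
```

A record like this lets a script check a password typed at run time, and `grep -r password` over the disk finds no plaintext. It cannot reproduce the password, so a script that must present the plaintext to a network share still has to obtain it from somewhere else.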