This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: encoding scripts (so that user can't see passwords easily)?

On Tue, Dec 06, 2005 at 08:36:07PM +0100, Tomasz Chmielewski wrote:
>Svend Sorensen schrieb:
>>On 12/4/05, nidhog <> wrote:
>>>On 12/4/05, Christopher Faylor <> 
>>>>On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
>>>>>I have a little open-source project, which eases Windows administration
>>>>>a bit.
>>>>>In some of the scripts, I use usernames and passwords (to get to a
>>>>>password-protected network share etc.).
>>>>>Because they are scripts, username and password is in plain.
>>>>>Although the script files are only readable by SYSTEM and
>>>>>Administrators, if a disk is stolen, someone could easily get the
>>>>>passwords by doing simple "grep -r password ./*".
>>>>>Do you know some tool which could "encode" scripts?
>>>instead of storing them plaintext, why don't you try encoding them via
>>>cryptographic hashes - md5, sha1, tiger and the like.
>>How is the script going to get the plaintext password if all it has is
>>a one way hash?
>I don't really care, perhaps it won't be any one way hash anyway.
>It is to be a measure to prevent an accidental viewing of 
>usernames/passwords rather than some "military grade" tool which takes 
>100 years to break on a supercomputer.

So, in that case, someone has already made a suggestion:

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]