Re: encoding scripts (so that user can't see passwords easily)?

[Tomasz Chmielewski <mangoo at wpkg dot org>]

Svend Sorensen schrieb:
> On 12/4/05, nidhog <nidhog@gmail.com> wrote:
>
> > On 12/4/05, Christopher Faylor <cgf-no-personal-reply-please@cygwin.com> wrote:
> >
> > > On Sun, Dec 04, 2005 at 12:20:57PM +0100, Tomasz Chmielewski wrote:
> > >
> > > > I have a little open-source project, which eases Windows administration
> > > > a bit.
> > > >
> > > > In some of the scripts, I use usernames and passwords (to get to a
> > > > password-protected network share etc.).
> > > > Because they are scripts, username and password is in plain.
> > > >
> > > > Although the script files are only readable by SYSTEM and
> > > > Administrators, if a disk is stolen, someone could easily get the
> > > > passwords by doing simple "grep -r password ./*".
> > > >
> > > > Do you know some tool which could "encode" scripts?
> >
> > instead of storing them plaintext, why don't you try encoding them via
> > cryptographic hashes - md5, sha1, tiger and the like.
>
>
> How is the script going to get the plaintext password if all it has is
> a one way hash?

I don't really care, perhaps it won't be any one way hash anyway.

It is to be a measure to prevent an accidental viewing of 
usernames/passwords rather than some "military grade" tool which takes 
100 years to break on a supercomputer.


--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/