This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: encoding scripts (so that user can't see passwords easily)?


Wayne Willcox schrieb:

On Tue, Dec 06, 2005 at 02:58:15PM -0500, Jim Drash wrote:

Don't put the user names or passwords in the script put them in a file
only readable by SYSTEM

> that would not solve the requirement of protecting the passwords > if the disk was stolen. The scripts are supposedly already > readable by system and admin only. >

That's exactly what I mean (they are already readable by SYSTEM and admins only).

If the disk is stolen, it would add some extra time before the password is compromised.

Someone gave a clue here:

http://cygwin.com/ml/cygwin/2005-12/msg00181.html

"instead of storing them plaintext, why don't you try encoding them via
cryptographic hashes - md5, sha1, tiger and the like."

But I don't really know where to start (which tool should I use for it?)


-- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]