Re: Security of run-only applications
Re: Security of run-only applications
- Subject: Re: Security of run-only applications
- From: David Simerly <email@hidden>
- Date: Fri, 14 Sep 2001 00:26:45 -0700
- Url: http://www.digital-native.com
on 9/13/01 9:45 PM, Timothy Bates at <email@hidden> wrote:
>
I do no know how applescript stores "passwords" - but I imagine as clear
>
text: they are not passwords to AppleScript, just text variables.
Yes, they are clear-text. If you open a run-only script in ResEdit or
Resorcerer, and then edit the "scpt" resource, you'll be able to see all the
property/variable declarations and values. The only possible security you
can apply within a script is obfuscation, or in other words, a red herring.
For instance, naming the property which stores your password something like
"error_string_42," and then preceding and following it with a number of
similar properties and values. Even this is not very secure though, since a
determined hacker will simply write a script that iterates through the
vars/values until the real password is found.
I think Timothy is right: script the keychain.
DS
______________________________________
Digital Native
Your guide through the virtual jungle.
______________________________________
Ever Wonder: Why didn't Noah swat those two mosquitoes?