Re: protecting passwords in properties
Re: protecting passwords in properties
- Subject: Re: protecting passwords in properties
- From: Axel Luttgens <email@hidden>
- Date: Fri, 21 Mar 2008 08:07:36 +0100
Le 21 mars 08 à 03:00, Vince Angeloni a écrit :
I'm sticking to my suspicious scripting questions... ; )
At any rate, I would like to use to the unix cmd 'shutdown' to
bounce my kids off the computer when they exceed their time, and
they don't pay attention to the more gentle system event "log out" I
use previously to encourage them to get off the computer. To use
this, I have to use an applescript 'with administrator privileges',
so if I want this script to run on the kids' accounts, I'll need to
put my admin account name and password into a property. I understand
this is not secure.
I am thinking of leaving the properties empty when I compile and
when the script first runs, it will ask for my admin account name
and password and then place it into the property, only after having
run it through the unix cmd 'openssl' to encrypt it. Thus, the
property will only show the encrypted password. The password for the
openssl command itself will be derived from an applescript which
generates it by picking certain letters from a string of text stored
in a temporary variable.
I am assuming that since this is compiled as a run-only application,
the admin account password stored as a property will be encrypted
and my password for openssl will be hidden in the compiled run-only
applescript code. Are there any obvious holes here that I am missing?
Hello Vince,
If I understood you correctly, you are considering openssl for
performing some symmetric encryption of your admin password.
This would thus mean that your script will contain both your encrypted
admin password and the key allowing to get back that password in clear
text.
As a result, your script would just be slightly more secure than one
storing directly your password in cleartext (I mean, it could perhaps
bluff your kids, but not a friend's big brother...).
Assuming you have solved the problem to have your script continuously
running (or at least without being interrupted), perhaps would it be
cleaner to configure sudo (through /etc/sudoers) so that everybody may
execute "shutdown -h now" without a password; that way, you could have:
do shell script "sudo shutdown -h now"
instead of:
do shell script "shutdown -h now" with administrator privileges user
name ... password ...
in your script.
HTH,
Axel
_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users
This email sent to email@hidden