• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: protecting passwords in properties
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: protecting passwords in properties

  • Subject: Re: protecting passwords in properties
  • From: Axel Luttgens <email@hidden>
  • Date: Fri, 21 Mar 2008 08:07:36 +0100

Le 21 mars 08 à 03:00, Vince Angeloni a écrit : 
I'm sticking to my suspicious scripting questions... ;  )

At any rate, I would like to use to the unix cmd 'shutdown' to bounce my kids off the computer when they exceed their time, and they don't pay attention to the more gentle system event "log out" I use previously to encourage them to get off the computer. To use this, I have to use an applescript 'with administrator privileges', so if I want this script to run on the kids' accounts, I'll need to put my admin account name and password into a property. I understand this is not secure.

I am thinking of leaving the properties empty when I compile and when the script first runs, it will ask for my admin account name and password and then place it into the property, only after having run it through the unix cmd 'openssl' to encrypt it. Thus, the property will only show the encrypted password. The password for the openssl command itself will be derived from an applescript which generates it by picking certain letters from a string of text stored in a temporary variable.

I am assuming that since this is compiled as a run-only application, the admin account password stored as a property will be encrypted and my password for openssl will be hidden in the compiled run-only applescript code. Are there any obvious holes here that I am missing? 

Hello Vince,

If I understood you correctly, you are considering openssl for performing some symmetric encryption of your admin password.
This would thus mean that your script will contain both your encrypted admin password and the key allowing to get back that password in clear text.
As a result, your script would just be slightly more secure than one storing directly your password in cleartext (I mean, it could perhaps bluff your kids, but not a friend's big brother...).

Assuming you have solved the problem to have your script continuously running (or at least without being interrupted), perhaps would it be cleaner to configure sudo (through /etc/sudoers) so that everybody may execute "shutdown -h now" without a password; that way, you could have:
do shell script "sudo shutdown -h now"
instead of:
do shell script "shutdown -h now" with administrator privileges user name ... password ...
in your script.

HTH,
Axel


_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users

This email sent to email@hidden
References: 
 >protecting passwords in properties (From: Vince Angeloni <email@hidden>)

  • Prev by Date: Re: getting return from apple event
  • Next by Date: Re: Abs function broken on leopard?
  • Previous by thread: Re: protecting passwords in properties
  • Next by thread: Re: protecting passwords in properties
  • Index(es):
    • Date
    • Thread