Re: Re: protecting passwords in properties
- Subject: Re: Re: protecting passwords in properties
- From: Vince Angeloni <email@hidden>
- Date: Fri, 21 Mar 2008 11:04:12 -0500
Axel,
Yes, it will contain the encrypted password and the passkey, but if the passkey is generated entirely with script, wouldn't that script be obscured by making the app "run only"? I was thinking that I could use something like:
    set passkey to ""
    set passkeySource to "asdfghjkl"
    -- build the passkey by picking individual characters out of the source string
    set passkey to character 2 of passkeySource & character 5 of passkeySource & character 3 of passkeySource
    -- ... etc ...
and since this is presumably made inaccessible by "run only", I thought this would be "safe".
However, this may be a moot point since I am liking your idea of configuring sudo to allow use of the "shutdown" command by all users. That *would* be a lot simpler and not put my admin password at risk! I did not know that you could do this.
I think that would be the way to go. Now I just have to find out how... (I have a few unix books I can look at...)
Thank you. That was a very helpful suggestion.
vince
On 21 March 08, at 03:00, Vince Angeloni wrote:

I'm sticking to my suspicious scripting questions... ; ) At any rate, I would like to use the unix cmd 'shutdown' to bounce my kids off the computer when they exceed their time, and they don't pay attention to the more gentle system event "log out" I used previously to encourage them to get off the computer. To use this, I have to use an applescript 'with administrator privileges', so if I want this script to run on the kids' accounts, I'll need to put my admin account name and password into a property. I understand this is not secure.
I am thinking of leaving the properties empty when I compile and when the script first runs, it will ask for my admin account name and password and then place it into the property, only after having run it through the unix cmd 'openssl' to encrypt it. Thus, the property will only show the encrypted password. The password for the openssl command itself will be derived from an applescript which generates it by picking certain letters from a string of text stored in a temporary variable.
I am assuming that since this is compiled as a run-only application, the admin account password stored as a property will be encrypted and my password for openssl will be hidden in the compiled run-only applescript code. Are there any obvious holes here that I am missing?
Hello Vince,
If I understood you correctly, you are considering openssl for performing some symmetric encryption of your admin password. This would thus mean that your script will contain both your encrypted admin password and the key allowing you to get back that password in clear text. As a result, your script would just be slightly more secure than one directly storing your password in cleartext (I mean, it could perhaps bluff your kids, but not a friend's big brother...).
Assuming you have solved the problem of having your script continuously running (or at least without being interrupted), perhaps it would be cleaner to configure sudo (through /etc/sudoers) so that everybody may execute "shutdown -h now" without a password; that way, you could have:

    do shell script "sudo shutdown -h now"

instead of:

    do shell script "shutdown -h now" with administrator privileges user name ... password ...

in your script.
HTH,
Axel
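
The sudoers approach Axel suggests, as an added example that is not part of the original thread: the narrowly scoped rule, plus a small shell check that flags NOPASSWD rules granting more than the exact command. The /sbin/shutdown path, the sample rule strings and the audit_rule helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: shutdown is at /sbin/shutdown;
# all rules below are constructed samples. Edit the real file only with visudo,
# which syntax-checks before saving.

# The rule Axel describes: any user, exactly "shutdown -h now", no password.
GOOD_RULE='ALL ALL=(root) NOPASSWD: /sbin/shutdown -h now'

# audit_rule LINE: print a verdict on how much a NOPASSWD rule gives away.
# Limitation: commas escaped inside command arguments are not handled.
audit_rule() {
    case $1 in
        *NOPASSWD:*) ;;
        *) echo "password-required"; return 0 ;;
    esac
    verdict=ok
    rest=${1#*NOPASSWD:}
    while [ -n "$rest" ] && [ "$verdict" = ok ]; do
        cmd=${rest%%,*}                                   # next command in the list
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        cmd=$(printf '%s' "$cmd" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $cmd in
            ALL)       verdict="too-broad:any-command" ;;
            *\**|*\?*) verdict="too-broad:wildcard" ;;
            /*\ *)     ;;   # absolute path with pinned arguments
            /*)        verdict="too-broad:any-arguments" ;;
            *)         verdict="invalid:relative-path" ;;
        esac
    done
    echo "$verdict"
}

# Constructed sample rules: the scoped rule first, then three weaker variants.
while IFS= read -r rule; do
    printf '%-28s %s\n' "$(audit_rule "$rule")" "$rule"
done <<'EOF'
ALL ALL=(root) NOPASSWD: /sbin/shutdown -h now
ALL ALL=(root) NOPASSWD: /sbin/shutdown
ALL ALL=(ALL) NOPASSWD: ALL
ALL ALL=(root) NOPASSWD: shutdown -h now
EOF
```

With the scoped rule in place, the script needs no stored admin password at all, and the kids' accounts gain nothing beyond the one pinned command.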