Re: protecting passwords in properties
Re: protecting passwords in properties
- Subject: Re: protecting passwords in properties
- From: Axel Luttgens <email@hidden>
- Date: Fri, 21 Mar 2008 23:59:18 +0100
Le 21 mars 08 à 17:04, Vince Angeloni a écrit :
Axel,
Yes, it will contain the encrypted password and the passkey, but if
the passkey is generated entirely with script, wouldn't that script
be obscured by making the app "run only"? I was thinking that I
could use something like:
set passkey to ""
set passkeySource to "asdfghjkl"
set passkey to text item 2 of passkeySource & text item 5 of
passkeySource & item 3 of passkeySource ... etc ...
and since this is presumably made inaccessible by "run only", I
thought this would be "safe".
Hey Vince,
Well, just open your script, compiled as "run only", with a text
editor, or look at it with command "strings" for example: odds are
great that "asdfghjkl" will just bounce as a very interesting piece of
text to investigate further... ;-)
(depending on how the script was saved, perhaps would it be needed to
look at a file's resource fork instead of its data fork; but that's
not a big deal for a potential "hacker").
The fact is that every string constant is saved as is in a compiled
script.
So, with the above example, perhaps would it be safer to reverse the
logics, with something like:
set dummy to "a"
set bizarre to "s"
[...]
set gosh to "l"
set passkey to dummy & bizarre & [...] & gosh
possibly with taking care to intersperse the various statements
througout the whole script.
But then come the various tools for decompiling compiled applescripts...
More generally, as soon as keys have to be stored in a programmatic
way, the security nightmare begins.
Just have a look at the DRM business: in spite of their millions
(billions) of bucks, there has always been a cracker able to derive
the key, as well as to devise the way to make use of it...
However, this may be a moot point since I am liking your idea of
configuring sudo to allow use of the "shutdown" command by all
users. That *would* be a lot simpler and not put my admin password
at risk! I did not know that you could do this.
I think that would be the way to go. Now I just have to find out
how... (I have a few unix books I can look at...)
There are also:
man sudo
man sudoers
which should provide (almost) all needed info. Of course, the usual
caveats apply: do not provide more rights than the intended ones!
HTH,
Axel
_______________________________________________
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
Archives: http://lists.apple.com/archives/applescript-users
This email sent to email@hidden