[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: [OT] Security in scripting languages
- From: "Charles Steinkuehler" <charles@...>
- Date: Fri, 15 Feb 2002 12:28:40 -0600
> Suppose I use Lua to automate some tasks that need to provide a password.
> For example, whilst using with cURL or Sock, to connect to a site asking
for a
> password or to provide a password in a form; or for automated tasks (eg.
> with AutoIt) needing login or typing a password, etc.
>
> Is there any mean to encrypt the password in the script, so it can be
hardly
> decyphered by another person?
You seem to be getting a lot of excellent advice on storing password data
for *YOUR* application, but not about storing passwords for a remote system,
which *HAVE* to be available unencrypted.
As you mention, any crypt function you do on the stored password will have
to be reversable, and you'll have to have the code to do that in your
program, so you're not buying anything other than a slight obfuscation, and
some code bloat.
Normally, this sort of things is handled with file permissions...you create
a file containing the password, with 600 permissions, and owned by a trusted
user.
You can then simply read the password directly from the script, and let the
standard unix permissions system deal with securing the password data from
untrusted users. This allows multiple users to use the same script,
situations where the script writer doesn't know (or can't have access to)
the password, but the user running the script does, etc...
Charles Steinkuehler
charles@steinkuehler.net
