[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

how to hide part of the source passwords etc

Didier

9/3/2006 8:12:00 PM

I do some stuff that encapsulate calls to various systems
(os api, erp queries, databases access) and if the results
are no secret some passwords used internally are. How to
solve the issue?

example: one program to create a Windows AD user
and use internally higher credentials...(runas..)

You may ask how is it protected now?
Certainly not perfectly but it is in the compiled versions
and kids under 3 will not set a breakpoint.

regards

DD
6 Answers

Paul Lutus

9/3/2006 8:19:00 PM

0

Didier wrote:

> I do some stuff that encapsulate calls to various systems
> (os api, erp queries, databases access) and if the results
> are no secret some passwords used internally are. How to
> solve the issue?

Have the user of the program enter a password, rather than include the
password in the program itself.

I reply in this way because it is an obvious solution, but you haven't
explained your situation very clearly.

--
Paul Lutus
http://www.ara...

Didier

9/4/2006 9:28:00 AM

0

If you create a windows user based on datas stored in a
flat file and do all the checking to have it done
consistently. You can give the program to a
non administrator of the network. But you will not give
the administrator password so that any task be done
by anyone.


regards

Didier

--

Paul Lutus

9/4/2006 4:25:00 PM

0

Didier wrote:

> If you create a windows user based on datas stored in a
> flat file and do all the checking to have it done
> consistently. You can give the program to a
> non administrator of the network. But you will not give
> the administrator password so that any task be done
> by anyone.

It is difficult to understand the goal as you have explained it. As I
understand it, you want to grant administrative rights to
non-administrative users, but you don't want them to have administrative
authority.

You really cannot grant administrative access without going through the
access procedure, which includes a password. The password is either in the
script, or it is known to the user so he can type it in. Neither of these
options seems particularly attractive.

--
Paul Lutus
http://www.ara...

Didier

9/5/2006 8:43:00 PM

0

Well If i want to let users do say runas something it must
be done in client server or xml rpc or whatever the flavor.


a huge drawback for Ruby (and Python).



regards.


Didier

Cliff Cyphers

9/6/2006 2:00:00 AM

0

Didier wrote:
> Well If i want to let users do say runas something it must
> be done in client server or xml rpc or whatever the flavor.
>

How about ruby2scriptexe?

>
> a huge drawback for Ruby (and Python).

Java isn't much safer in this regard. It's fairly straight forward to
decompile byte code to the original.

Rick DeNatale

9/6/2006 4:47:00 PM

0

On 9/5/06, Cliff Cyphers <cdc@cyphers.dns2go.com> wrote:
> Didier wrote:
> > Well If i want to let users do say runas something it must
> > be done in client server or xml rpc or whatever the flavor.
> >
>
> How about ruby2scriptexe?
>
> >
> > a huge drawback for Ruby (and Python).
>
> Java isn't much safer in this regard. It's fairly straight forward to
> decompile byte code to the original.

And compiled C code or the like isn't necessarily that safe either.

On Unix> man strings
on Windows:
http://www.sysinternals.com/Utilities/St...

One shouldn't rely that much on security by obscurity.

--
Rick DeNatale

My blog on Ruby
http://talklikeaduck.denh...