Re: Expect how to protect password while telnet

From: Don Libes (libes_at_nist.gov)
Date: 02/11/04

  • Next message: Joe English : "Re: Tk megawidget Vs C" 
    Date: 11 Feb 2004 15:04:04 -0500

    Darren New <dnew@san.rr.com> writes:

    > Bruce Hartweg wrote:
    > >> 2) In the script i have to expose password. How to amke it secure
    > >> secure it ?
    > >> Any help will be appreciated.
    > >
    > > you can't. If you expose the password it is NOT secure.
    >
    > Or, to put it another way, any password the computer can figure out on
    > its own is one that a human looking at everything on the computer can
    > follow the same steps to figure out. So it depends on what threats
    > you're trying to guard against. If someone takes the disk out and sticks
    > it in a different computer, they can ignore any account-level
    > permissions and decode what's on the disk. If you're not worried about
    > that, just make a separate account whose login only you know, and give
    > only that account permission to see the expect script.
    >
    > But in general, there's no way to make a computer do something without
    > human intervention that a sufficiently motivated human couldn't do if
    > they got their hands on the computer. (And I'd love to hear if I'm
    > wrong. ;-)

    Glenn mentioned ssh - and that is good if it's a login password (and
    you have ssh on both sides of the connection).

    A couple solutions to the more general case (i.e., non-login apps) can
    be found here:

    http://expect.nist.gov/doc/bgpasswd.pdf

    Don

  • Next message: Joe English : "Re: Tk megawidget Vs C"

    Relevant Pages

    • Screensaver password not tied to user account
      ... like the password to be the same no matter who is logged in -- i.e. not the ... password of any user's account. ... USE SYSTEM LOGIN PASSWORD: The software will expect the user to type in their login password - the same password that is used ... USE MANUAL PASSWORD: You may also choose to enter a different password manually using the configuration program. ...
      (microsoft.public.windowsxp.security_admin)
    • Screensaver password not tied to user account
      ... like the password to be the same no matter who is logged in -- i.e. not the ... password of any user's account. ... USE SYSTEM LOGIN PASSWORD: The software will expect the user to type in their login password - the same password that is used ... USE MANUAL PASSWORD: You may also choose to enter a different password manually using the configuration program. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: URGENT - Invoke destructive batch files on login
      ... Unfortunately no other account only Administrator. ... an ex contractor has changed the login password for our SBS2003 ... server, not only that but he has added a batch file to invoke if we ...
      (microsoft.public.windows.server.sbs)
    • Problem passing cns with spaces
      ... account permission to the SELF account and then moves it to a specified OU. ... set objACE = CreateObject ... 'Give the SELF-Account the External-Account right ...
      (microsoft.public.scripting.vbscript)
    • Re: File.Exists and UNC Shares
      ... If not, give that account permission to read the share, ... Giving that account permission to access the UNC share will solve your problem. ... Windows 2000 Server machine. ...
      (microsoft.public.dotnet.framework.aspnet)