Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Secure storage for passwords for admin scripts?

Reply
Thread Tools

Secure storage for passwords for admin scripts?

 
 
Max
Guest
Posts: n/a
 
      08-10-2004
I have a collection of system admin scripts (on Win 2k) that I would
like to automate the execution of. However, some of them require the
use of logins with admin rights, and would therefore prefer not to
store the IDs in the clear text of the source. If memory serves
correctly, the "compiled" .pyc files do not provide much security in
this area.

Are there are recommended methods for supplying scripts with login
information in a secure fashion?
 
Reply With Quote
 
 
 
 
Michael Ekstrand
Guest
Posts: n/a
 
      08-10-2004
On Tuesday 10 August 2004 10:11, Max wrote:
> Are there are recommended methods for supplying scripts with login
> information in a secure fashion?


I believe the Windows task scheduler is capable of running a task as a
given user, in which case the script need not worry about the password,
the scheduler will store it and execute the script.

I know this is the case in Win Server 2k3, it seems like it'd probably
be present in 2k as well.

HTH,
-Michael
 
Reply With Quote
 
 
 
 
Thomas =?ISO-8859-1?Q?Kr=FCger?=
Guest
Posts: n/a
 
      08-10-2004
Max wrote:

> I have a collection of system admin scripts (on Win 2k) that I would
> like to automate the execution of. However, some of them require the
> use of logins with admin rights, and would therefore prefer not to
> store the IDs in the clear text of the source. If memory serves
> correctly, the "compiled" .pyc files do not provide much security in
> this area.
>
> Are there are recommended methods for supplying scripts with login
> information in a secure fashion?


Compiled Python scripts can be decompiled pretty easy. So they will not give
any security at all.
To store the password securely you can hash them with an algorithm like MD5.
For authentication you also hash the entered password and compare it with
the stored hash.

Thomas
 
Reply With Quote
 
Christopher A. Craig
Guest
Posts: n/a
 
      08-10-2004
http://www.velocityreviews.com/forums/(E-Mail Removed) (Max) writes:

> I have a collection of system admin scripts (on Win 2k) that I would
> like to automate the execution of. However, some of them require the
> use of logins with admin rights, and would therefore prefer not to
> store the IDs in the clear text of the source. If memory serves
> correctly, the "compiled" .pyc files do not provide much security in
> this area.
>
> Are there are recommended methods for supplying scripts with login
> information in a secure fashion?


You cannot store passwords in a secure fashion and extract them
automatically. If there is an algorithm for extracting them (and
worse the algorithm is in the script) then they aren't secure.

--
Christopher A. Craig <(E-Mail Removed)>
"The problem with X is that it's overadequate" Dennis Ritchie

 
Reply With Quote
 
Roger Upole
Guest
Posts: n/a
 
      08-11-2004
You could store the passwords in a file protected by NTFS encryption,
or set the file security to only allow administrators access.
hth
Roger

"Max" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I have a collection of system admin scripts (on Win 2k) that I would
> like to automate the execution of. However, some of them require the
> use of logins with admin rights, and would therefore prefer not to
> store the IDs in the clear text of the source. If memory serves
> correctly, the "compiled" .pyc files do not provide much security in
> this area.
>
> Are there are recommended methods for supplying scripts with login
> information in a secure fashion?



 
Reply With Quote
 
Harry George
Guest
Posts: n/a
 
      08-11-2004
"Roger Upole" <(E-Mail Removed)> writes:

> You could store the passwords in a file protected by NTFS encryption,
> or set the file security to only allow administrators access.
> hth
> Roger
>
> "Max" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > I have a collection of system admin scripts (on Win 2k) that I would
> > like to automate the execution of. However, some of them require the
> > use of logins with admin rights, and would therefore prefer not to
> > store the IDs in the clear text of the source. If memory serves
> > correctly, the "compiled" .pyc files do not provide much security in
> > this area.
> >
> > Are there are recommended methods for supplying scripts with login
> > information in a secure fashion?

>
>


Consider using ssh-agent. See "SSH The Secure Shell" from O'Reilly,
chapter on "Case Studies ... Unattended SSH: batch or cron".

--
(E-Mail Removed)
6-6M21 BCA CompArch Design Engineering
Phone: (425) 342-0007
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Urgent : Direct Client is looking for Informatica Admin &Developer(Admin must) sarah Fernandes Java 0 11-01-2010 05:03 PM
Secure your digital information assets with Secure Auditor. SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:53 AM
Secure your digital information assets with Secure Auditor SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:52 AM
admin passwords ? Frank Cisco 1 06-22-2005 03:49 PM



Advertisments