«

I have a collection of system admin scripts (on Win 2k) that I would
like to automate the execution of. However, some of them require the
use of logins with admin rights, and would therefore prefer not to
store the IDs in the clear text of the source. If memory serves
correctly, the "compiled" .pyc files do not provide much security in
this area.

Are there are recommended methods for supplying scripts with login
information in a secure fashion?

On Tuesday 10 August 2004 10:11, Max wrote:
> Are there are recommended methods for supplying scripts with login
> information in a secure fashion?

I believe the Windows task scheduler is capable of running a task as a
given user, in which case the script need not worry about the password,
the scheduler will store it and execute the script.

I know this is the case in Win Server 2k3, it seems like it'd probably
be present in 2k as well.

HTH,
-Michael

Max wrote:

> I have a collection of system admin scripts (on Win 2k) that I would
> like to automate the execution of. However, some of them require the
> use of logins with admin rights, and would therefore prefer not to
> store the IDs in the clear text of the source. If memory serves
> correctly, the "compiled" .pyc files do not provide much security in
> this area.
>
> Are there are recommended methods for supplying scripts with login
> information in a secure fashion?

Compiled Python scripts can be decompiled pretty easy. So they will not give
any security at all.
To store the password securely you can hash them with an algorithm like MD5.
For authentication you also hash the entered password and compare it with
the stored hash.

Thomas

(Max) writes:

> I have a collection of system admin scripts (on Win 2k) that I would
> like to automate the execution of. However, some of them require the
> use of logins with admin rights, and would therefore prefer not to
> store the IDs in the clear text of the source. If memory serves
> correctly, the "compiled" .pyc files do not provide much security in
> this area.
>
> Are there are recommended methods for supplying scripts with login
> information in a secure fashion?

You cannot store passwords in a secure fashion and extract them
automatically. If there is an algorithm for extracting them (and
worse the algorithm is in the script) then they aren't secure.

--
Christopher A. Craig <com->
"The problem with X is that it's overadequate" Dennis Ritchie

You could store the passwords in a file protected by NTFS encryption,
or set the file security to only allow administrators access.
hth
Roger

"Max" <> wrote in message
news: om...
> I have a collection of system admin scripts (on Win 2k) that I would
> like to automate the execution of. However, some of them require the
> use of logins with admin rights, and would therefore prefer not to
> store the IDs in the clear text of the source. If memory serves
> correctly, the "compiled" .pyc files do not provide much security in
> this area.
>
> Are there are recommended methods for supplying scripts with login
> information in a secure fashion?

"Roger Upole" <> writes:

> You could store the passwords in a file protected by NTFS encryption,
> or set the file security to only allow administrators access.
> hth
> Roger
>
> "Max" <> wrote in message
> news: om...
> > I have a collection of system admin scripts (on Win 2k) that I would
> > like to automate the execution of. However, some of them require the
> > use of logins with admin rights, and would therefore prefer not to
> > store the IDs in the clear text of the source. If memory serves
> > correctly, the "compiled" .pyc files do not provide much security in
> > this area.
> >
> > Are there are recommended methods for supplying scripts with login
> > information in a secure fashion?
>
>

Consider using ssh-agent. See "SSH The Secure Shell" from O'Reilly,
chapter on "Case Studies ... Unattended SSH: batch or cron".

--

6-6M21 BCA CompArch Design Engineering
Phone: (425) 342-0007