how to hide part of the source passwords etc

Discussion in 'Ruby' started by Didier, Sep 3, 2006.

  1. Didier

    Didier Guest

    I do some stuff that encapsulate calls to various systems
    (os api, erp queries, databases access) and if the results
    are no secret some passwords used internally are. How to
    solve the issue?

    example: one program to create a Windows AD user
    and use internally higher credentials...(runas..)

    You may ask how is it protected now?
    Certainly not perfectly but it is in the compiled versions
    and kids under 3 will not set a breakpoint.

    regards

    DD
     
    Didier, Sep 3, 2006
    #1
    1. Advertising

  2. Didier

    Didier Guest

    If you create a windows user based on datas stored in a
    flat file and do all the checking to have it done
    consistently. You can give the program to a
    non administrator of the network. But you will not give
    the administrator password so that any task be done
    by anyone.


    regards

    Didier

    --
     
    Didier, Sep 4, 2006
    #2
    1. Advertising

  3. Didier

    Didier Guest

    Well If i want to let users do say runas something it must
    be done in client server or xml rpc or whatever the flavor.


    a huge drawback for Ruby (and Python).



    regards.


    Didier
     
    Didier, Sep 5, 2006
    #3
  4. Didier wrote:
    > Well If i want to let users do say runas something it must
    > be done in client server or xml rpc or whatever the flavor.
    >


    How about ruby2scriptexe?

    >
    > a huge drawback for Ruby (and Python).


    Java isn't much safer in this regard. It's fairly straight forward to
    decompile byte code to the original.
     
    Cliff Cyphers, Sep 6, 2006
    #4
  5. On 9/5/06, Cliff Cyphers <2go.com> wrote:
    > Didier wrote:
    > > Well If i want to let users do say runas something it must
    > > be done in client server or xml rpc or whatever the flavor.
    > >

    >
    > How about ruby2scriptexe?
    >
    > >
    > > a huge drawback for Ruby (and Python).

    >
    > Java isn't much safer in this regard. It's fairly straight forward to
    > decompile byte code to the original.


    And compiled C code or the like isn't necessarily that safe either.

    On Unix> man strings
    on Windows:
    http://www.sysinternals.com/Utilities/Strings.html

    One shouldn't rely that much on security by obscurity.

    --
    Rick DeNatale

    My blog on Ruby
    http://talklikeaduck.denhaven2.com/
     
    Rick DeNatale, Sep 6, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Just D.
    Replies:
    9
    Views:
    10,808
    majiswala
    Jun 22, 2007
  2. cbfk23
    Replies:
    1
    Views:
    459
    Andrew Thompson
    Oct 17, 2004
  3. Kevin Walzer

    Re: PIL (etc etc etc) on OS X

    Kevin Walzer, Aug 1, 2008, in forum: Python
    Replies:
    4
    Views:
    418
    Fredrik Lundh
    Aug 13, 2008
  4. jp2code

    passwords in the source?

    jp2code, Oct 16, 2007, in forum: ASP General
    Replies:
    6
    Views:
    83
    jp2code
    Oct 18, 2007
  5. Brian Wallace
    Replies:
    0
    Views:
    112
    Brian Wallace
    Apr 9, 2009
Loading...

Share This Page