Secure storage for passwords for admin scripts?

Discussion in 'Python' started by Max, Aug 10, 2004.

  1. Max

    Max Guest

    I have a collection of system admin scripts (on Win 2k) that I would
    like to automate the execution of. However, some of them require the
    use of logins with admin rights, and would therefore prefer not to
    store the IDs in the clear text of the source. If memory serves
    correctly, the "compiled" .pyc files do not provide much security in
    this area.

    Are there are recommended methods for supplying scripts with login
    information in a secure fashion?
     
    Max, Aug 10, 2004
    #1
    1. Advertising

  2. On Tuesday 10 August 2004 10:11, Max wrote:
    > Are there are recommended methods for supplying scripts with login
    > information in a secure fashion?


    I believe the Windows task scheduler is capable of running a task as a
    given user, in which case the script need not worry about the password,
    the scheduler will store it and execute the script.

    I know this is the case in Win Server 2k3, it seems like it'd probably
    be present in 2k as well.

    HTH,
    -Michael
     
    Michael Ekstrand, Aug 10, 2004
    #2
    1. Advertising

  3. Max wrote:

    > I have a collection of system admin scripts (on Win 2k) that I would
    > like to automate the execution of. However, some of them require the
    > use of logins with admin rights, and would therefore prefer not to
    > store the IDs in the clear text of the source. If memory serves
    > correctly, the "compiled" .pyc files do not provide much security in
    > this area.
    >
    > Are there are recommended methods for supplying scripts with login
    > information in a secure fashion?


    Compiled Python scripts can be decompiled pretty easy. So they will not give
    any security at all.
    To store the password securely you can hash them with an algorithm like MD5.
    For authentication you also hash the entered password and compare it with
    the stored hash.

    Thomas
     
    Thomas =?ISO-8859-1?Q?Kr=FCger?=, Aug 10, 2004
    #3
  4. (Max) writes:

    > I have a collection of system admin scripts (on Win 2k) that I would
    > like to automate the execution of. However, some of them require the
    > use of logins with admin rights, and would therefore prefer not to
    > store the IDs in the clear text of the source. If memory serves
    > correctly, the "compiled" .pyc files do not provide much security in
    > this area.
    >
    > Are there are recommended methods for supplying scripts with login
    > information in a secure fashion?


    You cannot store passwords in a secure fashion and extract them
    automatically. If there is an algorithm for extracting them (and
    worse the algorithm is in the script) then they aren't secure.

    --
    Christopher A. Craig <>
    "The problem with X is that it's overadequate" Dennis Ritchie
     
    Christopher A. Craig, Aug 10, 2004
    #4
  5. Max

    Roger Upole Guest

    You could store the passwords in a file protected by NTFS encryption,
    or set the file security to only allow administrators access.
    hth
    Roger

    "Max" <> wrote in message
    news:...
    > I have a collection of system admin scripts (on Win 2k) that I would
    > like to automate the execution of. However, some of them require the
    > use of logins with admin rights, and would therefore prefer not to
    > store the IDs in the clear text of the source. If memory serves
    > correctly, the "compiled" .pyc files do not provide much security in
    > this area.
    >
    > Are there are recommended methods for supplying scripts with login
    > information in a secure fashion?
     
    Roger Upole, Aug 11, 2004
    #5
  6. Max

    Harry George Guest

    "Roger Upole" <> writes:

    > You could store the passwords in a file protected by NTFS encryption,
    > or set the file security to only allow administrators access.
    > hth
    > Roger
    >
    > "Max" <> wrote in message
    > news:...
    > > I have a collection of system admin scripts (on Win 2k) that I would
    > > like to automate the execution of. However, some of them require the
    > > use of logins with admin rights, and would therefore prefer not to
    > > store the IDs in the clear text of the source. If memory serves
    > > correctly, the "compiled" .pyc files do not provide much security in
    > > this area.
    > >
    > > Are there are recommended methods for supplying scripts with login
    > > information in a secure fashion?

    >
    >


    Consider using ssh-agent. See "SSH The Secure Shell" from O'Reilly,
    chapter on "Case Studies ... Unattended SSH: batch or cron".

    --

    6-6M21 BCA CompArch Design Engineering
    Phone: (425) 342-0007
     
    Harry George, Aug 11, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Buchmann

    Passwords in web.config... is this secure?

    John Buchmann, Dec 15, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    5,091
    Munsifali Rashid
    Dec 15, 2003
  2. tma
    Replies:
    2
    Views:
    499
    Patrice
    Sep 7, 2004
  3. Ahmed Moustafa
    Replies:
    5
    Views:
    444
    Brian Palmer
    Aug 20, 2003
  4. sarah Fernandes
    Replies:
    0
    Views:
    509
    sarah Fernandes
    Nov 1, 2010
  5. Phlip
    Replies:
    1
    Views:
    290
    Eero Saynatkari
    Sep 15, 2006
Loading...

Share This Page