Secure storage for passwords for admin scripts?

M

Max

I have a collection of system admin scripts (on Win 2k) that I would
like to automate the execution of. However, some of them require the
use of logins with admin rights, and would therefore prefer not to
store the IDs in the clear text of the source. If memory serves
correctly, the "compiled" .pyc files do not provide much security in
this area.

Are there are recommended methods for supplying scripts with login
information in a secure fashion?
 
M

Michael Ekstrand

Are there are recommended methods for supplying scripts with login
information in a secure fashion?
Click to expand...

I believe the Windows task scheduler is capable of running a task as a
given user, in which case the script need not worry about the password,
the scheduler will store it and execute the script.

I know this is the case in Win Server 2k3, it seems like it'd probably
be present in 2k as well.

HTH,
-Michael
 
T

Thomas =?ISO-8859-1?Q?Kr=FCger?=

Max said:
I have a collection of system admin scripts (on Win 2k) that I would
like to automate the execution of. However, some of them require the
use of logins with admin rights, and would therefore prefer not to
store the IDs in the clear text of the source. If memory serves
correctly, the "compiled" .pyc files do not provide much security in
this area.

Are there are recommended methods for supplying scripts with login
information in a secure fashion?
Click to expand...

Compiled Python scripts can be decompiled pretty easy. So they will not give
any security at all.
To store the password securely you can hash them with an algorithm like MD5.
For authentication you also hash the entered password and compare it with
the stored hash.

Thomas
 
C

Christopher A. Craig

I have a collection of system admin scripts (on Win 2k) that I would
like to automate the execution of. However, some of them require the
use of logins with admin rights, and would therefore prefer not to
store the IDs in the clear text of the source. If memory serves
correctly, the "compiled" .pyc files do not provide much security in
this area.

Are there are recommended methods for supplying scripts with login
information in a secure fashion?
Click to expand...

You cannot store passwords in a secure fashion and extract them
automatically. If there is an algorithm for extracting them (and
worse the algorithm is in the script) then they aren't secure.
 
R

Roger Upole

You could store the passwords in a file protected by NTFS encryption,
or set the file security to only allow administrators access.
hth
Roger
 
H

Harry George

Roger Upole said:
You could store the passwords in a file protected by NTFS encryption,
or set the file security to only allow administrators access.
hth
Roger
Click to expand...

Consider using ssh-agent. See "SSH The Secure Shell" from O'Reilly,
chapter on "Case Studies ... Unattended SSH: batch or cron".
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

secure ruby scripts for users 0
best practices for secure ASP.NET SQL application 0
Top 10 Technical requirements for In-Memory Reporting 0
Simple Login programming: Authentication does not work for me! 1
Accessing URL links inside of Tables 2
1 login for 2 separate secure apps on the same server - is this possible? 2
Prep Courses for International Certifications, CSTE & CSQA & ISEB & ISTQB &BA 0
Musatov claims "Mode/Code" 2

Members online

No members online now.
Total: 28 (members: 0, guests: 28)
Robots: 489

Forum statistics

Threads
473,769
Messages
2,569,579
Members
45,053
Latest member
BrodieSola

Latest Threads

Top