JohnF
I have a C program, used as a public cgi, where a few
of the commands it recognizes and runs should be
restricted to "authorized users". The consequences
of unauthorized use aren't horrendous, so I'm just
looking for enough security to keep out the riff-raff.

What's easy for me to implement is something like

   #if !defined(PASSWORD)
   #define PASSWORD "default_password"
   #endif
   static char password[129]=PASSWORD;

and compile it with

   cc -DPASSWORD=\"secret_password\" etc.

and then make users enter an extra directive

   \password{secret_password}

whenever they want to access restricted commands.

But compiled like this, the strings command run
against the cgi executable image would show the
compiled-in password. Again, the consequences
wouldn't be horrendous. But is there a way to
gently scramble the password a bit so the
executable image doesn't show it quite so easily,
and the code just unscrambles it whenever needed?

A constraint is that the person compiling the
program must still be able to enter the unscrambled

   cc -DPASSWORD=\"secret_password\" etc.

And I also don't want that person to need a separate
small scrambling program, whereby he'd then enter

   cc -DPASSWORD=\"$(scramble secret_password)\" etc.

So the scrambling must, I suppose, take place at
compile time, at the preprocessor level, while the
corresponding unscrambling would be done by the
program during execution. ... Or something like that.

Thanks for any suggestions,
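
One way to meet both constraints in the post, as an added example rather than code from the original thread: each character of the -DPASSWORD literal is XORed with a key inside an array initializer, and the check scrambles the user's input instead of unscrambling the stored bytes. PW_KEY, PW_MAX and password_ok are hypothetical names, and the sketch assumes an optimizing build (for example -O2) so that the compiler folds the indexing and the unused literal is not emitted; run strings on the result to confirm.

```c
#include <stdio.h>
#include <string.h>

#ifndef PASSWORD
#define PASSWORD "default_password"
#endif

#define PW_KEY 0xA5u  /* hypothetical scramble byte; any nonzero value works */
#define PW_MAX 16     /* longest password this sketch handles (assumption) */

/* Byte i of the literal XOR PW_KEY; positions past the end act as NUL padding. */
#define PW_AT(i) ((unsigned char)(((i) < sizeof(PASSWORD) ? PASSWORD[i] : 0) ^ PW_KEY))
#define PW_4(i)  PW_AT(i), PW_AT((i) + 1), PW_AT((i) + 2), PW_AT((i) + 3)

/* Refuse to compile if -DPASSWORD is longer than the table below. */
typedef char pw_fits[(sizeof(PASSWORD) - 1 <= PW_MAX) ? 1 : -1];

/* Returns 1 when candidate equals the compiled-in password, else 0. */
int password_ok(const char *candidate)
{
    /* Automatic array: its initializers need not be constant expressions.
       Assumption: an optimizing build reduces each one to a scrambled byte. */
    const unsigned char scrambled[PW_MAX] = { PW_4(0), PW_4(4), PW_4(8), PW_4(12) };
    size_t n = strlen(candidate);
    unsigned char diff = 0;

    if (n > PW_MAX)
        return 0;
    /* Scramble the candidate the same way and compare every position, so the
       cleartext password is never rebuilt in memory. */
    for (size_t i = 0; i < PW_MAX; i++) {
        unsigned char c = (i < n) ? (unsigned char)candidate[i] : 0;
        diff |= (unsigned char)(c ^ PW_KEY ^ scrambled[i]);
    }
    return diff == 0;
}

int main(int argc, char **argv)
{
    puts(argc > 1 && password_ok(argv[1]) ? "authorized" : "denied");
    return 0;
}
```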