[Mpls-pm] Secure scripts question
Ken Williams
ken at mathforum.org
Wed May 17 19:35:05 PDT 2006
On May 17, 2006, at 10:27 AM, Miner, Alan G wrote:
> The basic question is: Is there a better way to secure passwords in
> scripts?
>
> We have many perl and ksh scripts that do many things (Unix and Win).
> They call applications and must provide security credentials in that
> batch process. The credentials are kept in a file that only the
> user/group can read, and the passwords themselves are encrypted within
> that file.
Personally I usually skip that second part. If you're running on a
secure enough operating system (e.g. your Unix stuff) then file
permissions are secure and about as simple as things get.
If you don't trust OS-level permissions to provide security, then
encrypting the passwords is probably just giving a false sense of
security. In a sense it does provide a kind of "two factor" security
I suppose, but both factors really just boil down to OS-level security.
-Ken
More information about the Mpls-pm
mailing list