http://qs321.pair.com?node_id=1183368


in reply to Re: How can a script use a password without making the password visible?
in thread How can a script use a password without making the password visible?

If the coder has enough access rights to edit the script, he has access to the credentials needed to access the external pasword storage and/or he can edit the script to expose the pasword.

Write access is not needed, read access is sufficient: Just copy the script, modify the copy, run the copy.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Replies are listed 'Best First'.
Re^3: How can a script use a password without making the password visible?
by CountZero (Bishop) on Mar 05, 2017 at 10:25 UTC
    Reading and local editing is not enough. He must be able to write the edited script on the system where he found it in order to have it run there.

    CountZero

    A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

    My blog: Imperial Deltronics