P is for Practical | |
PerlMonks |
Re: Re: Re: perl2exe - no more secretsby Marza (Vicar) |
on Apr 23, 2003 at 22:50 UTC ( [id://252707]=note: print w/replies, xml ) | Need Help?? |
That is a pretty broad cast you've tossed there. ;-) It depends on the job and the id involved. If it was a script that only root would use, then there is not really a problem as long as nobody else gets access to the script. If it is a lowlevel user id, you can debate it. If it is a script that has root and its plaintext password embeded which everybody is going to use, then you have a gigantic hole(This was my situation). Now as to embeded passwords being a security risk; a real life example. Progammer A, thinks like you do. Programmer B hates programmer A and wants to see him fired. Progammer B finds A's password. Programmer B starts using A's account to delete things, print porn on the vice-presidents Assistents printer, etc.... We figured it out but not until after programmer A was put through a suspension(ie the pornography and the sexual harrasment policies).
In Section
Meditations
|
|