Pathologically Eclectic Rubbish Lister | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Here's why it won't work: no matter how you obfuscate the password and the code to unobfuscate it, the program will still be able to generate the password. And that's where "Red Team" will strike. Observe:
Along comes "Red Team" and tries to crack the system. They read the manual for "externalprogram" and find out that the "-p" flag is for the password, so they edit the run() subroutine to this:
If they have access to the script which generates the password, they can find out what the password is, no matter how you obfuscate it. Probably the best you can do is to chmod go-rwx script. Then they'll have to crack the user account or root to read the script. In reply to Re^3: How to hide a password in a script?
by beable
|
|