Hard coded passwords in UX scripts

  1. #1
    Member
    Join Date
    Feb 2003
    Posts
    94

    Hard coded passwords in UX scripts

    Greetings all-

    I am sitting in a planning meeting to start preparing for an audit. Yes - good times. One thing we are running into is hard-coded passwords in scripts. I know, I know, but they are still out there. These are running under HPUX and have varied in programming from ksh, csh, and perl. My question is what are the viable solutions instead of hard coding passwords in scripts that would allow for automation.

    Let me know what you think!

    Thanks in advance!

    "Quis custodiet ipsos custodes?"
    -Juvenal

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Depends what kind of passwords they are.

    If they are passwords for remote systems that you need to script stuff on remote boxes (like rsh and such like), you might be better off using ssh and RSA authentication to allow secure passwordless logins to the accounts necessary.

    If they are database passwords, it's a bit more tricky - they obviously have to be stored somewhere. You could have the shell set them in environment variables in login.

    Tell us what kind of passwords they are and there might be specific solutions to remove the requirement to store them at all.

  3. #3
    Member
    Join Date
    Feb 2003
    Posts
    94
    They are passwords for remote systems (akin with r* commands). We are also piloting SSH here already, and it sounds like that may be the key.

    Database passwords are also a problem, but we think we can attack the os script passwords a little bit better and quicker.
    "Quis custodiet ipsos custodes?"
    -Juvenal

  4. #4
    Junior Member
    Join Date
    Apr 2003
    Posts
    4
    A quick and dirty fix (until the auditor goes away and lets you concentrate on REAL security) could be the use of a "shell script compiler". Look for example at http://www.datsi.fi.upm.es/~frosal/frosal.html

  5. #5
    Senior Member roswell1329
    Join Date
    Jan 2002
    Posts
    670
    I think you answered your own question with SSH. SSH lets you run individual commands on a remote system across a network. SSH can use the ".rhosts" file used by the rlogin suite of utilities, or you can use the ".shosts" file suggested by the SSH man page. If you need a replacement for FTP across a network, you can also run SCP without a password provided you have the proper .r/shosts file setup.
    /* You are not expected to understand this. */

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by roswell1329
    I think you answered your own question with SSH. SSH lets you run individual commands on a remote system across a network. SSH can use the ".rhosts" file used by the rlogin suite of utilities, or you can use the ".shosts" file suggested by the SSH man page. If you need a replacement for FTP across a network, you can also run SCP without a password provided you have the proper .r/shosts file setup.
    You can also use sftp as a drop-in replacement for legacy ftp scripts.
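
An added example, not part of any post in the thread: before moving the r* scripts to ssh keys as discussed above, an inventory of which ksh, csh and perl scripts still embed a literal password or call an r*/ftp command is the usual first step for the audit. The function names (`scan_scripts`, `make_samples`), the match patterns and the sample scripts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inventory scripts for embedded
# passwords and r*/ftp calls so they can be moved to ssh key authentication.
# The patterns are heuristic assumptions; expect to tune them for your scripts.

# scan_scripts DIR -> one finding per line: CATEGORY:FILE:LINE
# Matched text is never printed, so the report itself holds no secrets.
scan_scripts() {
    find "$1" -type f | sort | while IFS= read -r file; do
        awk -v f="$file" '
        BEGIN {
            # name containing passwd/password/pwd, "=", then a literal value
            # (not $VAR, not `cmd`, not empty)
            pw = "(passw(or)?d|pwd)[a-z0-9_]*[ \t]*=[ \t]*[\"\047]?[^$\"\047` \t;]"
            # r* commands (remsh is the HP-UX rsh) and plain ftp; sftp is not matched
            rc = "(^|[^a-z0-9_.-])(rsh|remsh|rcp|rlogin|rexec|ftp)([ \t]|$)"
        }
        /^[ \t]*#/ { next }            # skip comments and the shebang line
        {
            l = tolower($0)
            if (l ~ pw) print "PASSWORD:" f ":" NR
            if (l ~ rc) print "RCMD:" f ":" NR
        }' "$file"
    done
}

# Constructed sample input: three small scripts in a temporary directory.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/ksh' 'PASSWD=Winter03' \
        'remsh apphost -l batch /opt/app/run.sh' > "$d/a_nightly.ksh"
    printf '%s\n' '#!/usr/bin/perl' 'my $db_password = "s3cret";' \
        'my $ok = $ENV{DB_PASSWORD};' > "$d/b_load.pl"
    printf '%s\n' '#!/bin/ksh' 'PASSWD="$1"' \
        'ssh -o BatchMode=yes batch@apphost /opt/app/run.sh' \
        'sftp -b /opt/app/put.batch batch@apphost' > "$d/c_fixed.ksh"
    echo "$d"
}

# Run with --demo to scan the constructed samples.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_samples) && scan_scripts "$d"; rm -rf "$d"
fi
```

The third sample shows the target state: no literal password, and `ssh -o BatchMode=yes` so a job fails instead of waiting at a password prompt when key authentication is not in place.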
