- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Secure password verification script
Operating System - HP-UX
1755676
Members
3495
Online
108837
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-27-2001 06:59 AM
тАО09-27-2001 06:59 AM
Secure password verification script
Hi,
I have a bit of a tricky problem. Our application support people have lots of scripts where they have hardcoded the application username and password. This creates a problem of me as sys admin, when I want to change this password.
I am looking for a way, where the script can lookup the password, so only one file would have to be changed for future password changes. This file also needs to be secure from all users.
I was looking at using grep, and having the file in a directory which only has execute rights. This hides the file, but once anyone knows the filename (which will have to be in the scripts) they will be able to read it.
I would greatly appreciate any help or suggestions on this (what about a secure database for example)
Thanks,
Kevin
I have a bit of a tricky problem. Our application support people have lots of scripts where they have hardcoded the application username and password. This creates a problem of me as sys admin, when I want to change this password.
I am looking for a way, where the script can lookup the password, so only one file would have to be changed for future password changes. This file also needs to be secure from all users.
I was looking at using grep, and having the file in a directory which only has execute rights. This hides the file, but once anyone knows the filename (which will have to be in the scripts) they will be able to read it.
I would greatly appreciate any help or suggestions on this (what about a secure database for example)
Thanks,
Kevin
Never put something off, for it may be your last chance
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-27-2001 07:16 AM
тАО09-27-2001 07:16 AM
Re: Secure password verification script
Hi Kevin:
If we place security aside for the moment, a general guideline for managing global variables is to place them in *one* file which is sourced (included) as needed. For scripts, you do this like by specifying a "dot" a "space" and the filename, as:
#!/usr/bin/sh
cd $HOME
. ./myfile #...source $HOME/myfile
Regards!
...JRF...
If we place security aside for the moment, a general guideline for managing global variables is to place them in *one* file which is sourced (included) as needed. For scripts, you do this like by specifying a "dot" a "space" and the filename, as:
#!/usr/bin/sh
cd $HOME
. ./myfile #...source $HOME/myfile
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-05-2001 07:14 AM
тАО10-05-2001 07:14 AM
Re: Secure password verification script
This all depends on what you're doing with the passwords and how they're been used.
If you want to do password look ups, you can use:
* blank textfile (but anybody who can run the script can see this - ergo only run scripts as special users which normal users don't have the passwords for)
* Database using OS authentication (bit overkill really!)
* Some proprietry progrsm to keep an encrypted filebase of user/passname/machine combinations and to authenticate and decrypt on current user.
All 3 of the above have their problems, all 3 are a pain to admin and all 3 could potentially show an account user/password to a simple 'ps' list.
A much better solution is to analyse how you're using your passwords. In general use passwords don't *need* to be used, you can:
* Passwords to databases: Use OS authentication, eg on oracle use OPS$ accounts.
* Passwords for file transfer: Use scp instead of ftp - this also stops cleartext passwords flying across the networks
* Spawning scripts as different users - use some creative scheduling to call the scripts from root's cron, or use a package which allows jobs tied together (eg Maestro, Control M)
My suggestion is to get your developers to defend *every* use of a cleartext password within a shell script/config file.
dave
If you want to do password look ups, you can use:
* blank textfile (but anybody who can run the script can see this - ergo only run scripts as special users which normal users don't have the passwords for)
* Database using OS authentication (bit overkill really!)
* Some proprietry progrsm to keep an encrypted filebase of user/passname/machine combinations and to authenticate and decrypt on current user.
All 3 of the above have their problems, all 3 are a pain to admin and all 3 could potentially show an account user/password to a simple 'ps' list.
A much better solution is to analyse how you're using your passwords. In general use passwords don't *need* to be used, you can:
* Passwords to databases: Use OS authentication, eg on oracle use OPS$ accounts.
* Passwords for file transfer: Use scp instead of ftp - this also stops cleartext passwords flying across the networks
* Spawning scripts as different users - use some creative scheduling to call the scripts from root's cron, or use a package which allows jobs tied together (eg Maestro, Control M)
My suggestion is to get your developers to defend *every* use of a cleartext password within a shell script/config file.
dave
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP