MACSCRPT Archives

March 2013

MACSCRPT@LISTSERV.DARTMOUTH.EDU

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Stan Cleveland <[log in to unmask]>
Reply To:
Macintosh Scripting Systems <[log in to unmask]>
Date:
Wed, 6 Mar 2013 13:13:13 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (12 lines)
On Mar 6, 2013, at 12:17 PM, SUBSCRIBE MACSCRPT Inyo55 wrote:

> I have a script that has to remotely do admin tasks on a Mac workstation.  To that end, the shell script command string in the script has the secret password for the admin account in plain text.  Is there anyway to hide this (other than locking the script)?

Hi Bob,

Check out the topic "Obfuscation of Hard-Coded Data in an AppleScript" at codemunki.com. As with the suggestions by Ed and Deivy, this method is just a smokescreen and not really "secure". However, it is a bit more secure if you store only the ciphertext in the target script, and not the handler that deciphers it.

You could use 'load script' to access the handler or put it into a custom module for a library loading utility like AppleMods (http://applemods.sourceforge.net) or XModules (http://www.script-factory.net/XModules/en/index.html). This still isn't very secure. Any good scripter would be able to reverse engineer and acquire the password, but it would keep everyone else in the dark.

Stan C.

ATOM RSS1 RSS2