in reply to Protecting passwords in source

Here is a little background on what I need. I'm working with HP-UX, where everyone and their brother has superuser privileges, so there is no way to stop someone from getting into the code and seeing the password if it was hardcoded in. I'm just wondering if there was a way to have the code encrypt and decrypt the password. I know it would still be easy to get the password, but I just need the password to be hidden.

Re^2: Protecting passwords in source
by samtregar (Abbot) on Jul 20, 2005 at 01:46 UTC
    So you're working on a system where people you don't trust have root? You're basically screwed. Since they have root there's nothing they can't do. For example, suppose you succeed in hiding the password in your script - what's to stop your adversary from making a copy of your script and changing it to do whatever she wants, using your password?

    I suggest you find a different machine to work on or convince the powers that be to restrict access to root.

    -sam

Re^2: Protecting passwords in source
by Pied (Monk) on Jul 20, 2005 at 01:40 UTC
    Just do a rot13, and get some little obfu, i.e. don't call it $passwd nor its (de)cypher function &decypher...
    Or/and write the password in hex instead of ASCII, or mix everything...
    Eventually, put this pass and decypher code in a file called ".. " (with the trailing space) which will be called from your script.
    Mixing all of this can be really enough for a beginner admin...

    Eventually, use some Acme::Bleach or Acme::Morse or stuff like that...

    All this is useless against a smart user but should really do the job. But remember: if you have a
    decypher($passwd);
    They will immediately do a
    print decypher($passwd);


    At least I would ^^

    P!
Re^2: Protecting passwords in source
by simonm (Vicar) on Jul 20, 2005 at 01:34 UTC
    As long as you know it's just obfuscated, not really protected, there are a lot of techniques you could use.

    Rot13 might work (tr[a-z][n-za-m]), or you could try unpacking it to a string of hex digits and then packing it back when you're ready to use it.
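
Added example (not part of the thread or any poster's code): the rot13 and hex unpack/pack obfuscation described in the replies above, combined into one round trip. The sub names `rot13`, `hide` and `reveal` and the sample value are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# rot13 over both letter cases; applying it twice returns the input.
sub rot13 {
    my ($text) = @_;
    (my $out = $text) =~ tr/A-Za-z/N-ZA-Mn-za-m/;
    return $out;
}

# Obfuscate: rot13 the letters, then unpack the bytes to hex digits.
sub hide {
    my ($plain) = @_;
    return unpack 'H*', rot13($plain);
}

# Reverse: pack the hex digits back to bytes, then rot13 again.
sub reveal {
    my ($hidden) = @_;
    return rot13(pack 'H*', $hidden);
}

# Constructed sample value, not a real credential.
my $sample = 'Example-Pass1';
my $stored = hide($sample);

print "stored in script: $stored\n";
print "recovered:        ", reveal($stored), "\n";
die "round trip failed\n" unless reveal($stored) eq $sample;
```

No key is involved anywhere: the hex string and the code that reverses it sit in the same file, so this only keeps the password out of casual view, as the replies say.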