embedding passwords/other sensitive strings into a C++ program

Just curious if anyone has any thoughts about what best practice would
be for something like this...

We want to write a program that will send the user (via email) a
password when they click a button. Also, it will send the email to a
support team who will log that the password has been requested so they
can then change the password (and recompile the program). Seems
simple enough.

The problems I can think of are:

1. How do you encrypt this password from casual viewing (executing the
Unix command: strings <exe name>), for example? I suggested using the
ASCII code to print the string. Seems simple enough.

2. How do you encrypt this password from more aggressive viewing, i.e.
someone looking at the source code, pulling the project files out of
the repository (we use CVS, for example)? My thought was to either
put the password as a build option on the compiler (which would
necessitate adding an option before each compile), or to put the whole
project into CVS as a zip file with the password on it, assuming that
the support staff will know that password.
Jul 22 '05 #1
J.Steiner wrote:
> Just curious if anyone has any thoughts about what best practice would
> be for something like this...
>
> We want to write a program that will send the user (via email) a
> password when they click a button. Also, it will send the email to a
> support team who will log that the password has been requested so they
> can then change the password (and recompile the program). Seems
> simple enough.
>
> The problems I can think of are:
>
> 1. how do you encrypt this password from casual viewing (executing
> unix command: strings <exe name>) for example. I suggested using the
> ascii code to print the string. seems simple enough.

I am not sure what you mean by "using the ascii code to print the string".
The simplest solution I've seen suggested in many places is to have a char
array and assign the respective characters in reverse. The mere mixing up
of the single characters with the code will be enough to hide them:

    // Assign the characters one at a time, last to first.
    char password[10] = {0};
    password[7] = 'd';
    password[6] = 'r';
    password[5] = 'o';
    password[4] = 'w';
    password[3] = 's';
    password[2] = 's';
    password[1] = 'a';
    password[0] = 'p';

You could also intertwine some other code into the assignments just to
keep the assignments apart and at random code offsets.

> 2. how do you encrypt this password from more aggressive viewing, ie
> someone looking at the source code, pulling the project files out of
> the repository (we use cvs, for example). My thought was to either
> put the password as a build option on the compiler (which would
> necessitate adding an option before each compile), or to put the whole
> project into cvs as a zip file with the password on it, assuming that
> the support staff will know that password.

This is beyond the scope of this newsgroup, isn't it? Keep the password
in a separate file altogether and let the program retrieve it only when
it is needed.

V
Jul 22 '05 #2
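
The separate-file approach suggested in the reply above, sketched as an added example that is not part of the original post. It assumes a POSIX system; the helper names `load_secret` and `wipe` and the default path are hypothetical.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstddef>
#include <cstdio>
#include <string>

// Overwrite a buffer; the volatile pointer keeps the stores from being
// optimised away as dead writes.
void wipe(char* p, std::size_t n) {
    volatile char* v = p;
    while (n--) *v++ = 0;
}

// Hypothetical helper: read the secret from a file that lives outside the
// executable and the repository. Fails unless the path is a regular file
// (not a symlink) with no group/other permission bits set.
bool load_secret(const std::string& path, std::string& out) {
    int fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return false;
    struct stat st {};
    // fstat on the open descriptor checks the file that is actually read.
    bool ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
              (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
    char buf[256];
    ssize_t n = ok ? read(fd, buf, sizeof buf) : -1;
    close(fd);
    if (n <= 0) return false;
    out.assign(buf, static_cast<std::size_t>(n));
    wipe(buf, sizeof buf);
    while (!out.empty() && (out.back() == '\n' || out.back() == '\r'))
        out.pop_back();
    return !out.empty();
}

int main(int argc, char** argv) {
    std::string secret;
    // Constructed default path; pass the real location as argv[1].
    const char* path = argc > 1 ? argv[1] : "/tmp/app_secret.txt";
    if (!load_secret(path, secret)) {
        std::fprintf(stderr, "refusing to use %s\n", path);
        return 1;
    }
    std::printf("loaded %zu-byte secret\n", secret.size());  // never print the value
    wipe(&secret[0], secret.size());  // clear it as soon as it has been used
    return 0;
}
```

With this layout, changing the password means replacing one owner-only file, with no recompile and nothing sensitive in CVS.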


"J.Steiner" wrote:
> Just curious if anyone has any thoughts about what best practice would
> be for something like this...
>
> We want to write a program that will send the user (via email) a
> password when they click a button. Also, it will send the email to a
> support team who will log that the password has been requested so they
> can then change the password (and recompile the program). Seems
> simple enough.
>
> The problems I can think of are:
>
> 1. how do you encrypt this password from casual viewing (executing
> unix command: strings <exe name>) for example. I suggested using the
> ascii code to print the string. seems simple enough.
>
> 2. how do you encrypt this password from more aggressive viewing, ie
> someone looking at the source code, pulling the project files out of
> the repository (we use cvs, for example). My thought was to either
> put the password as a build option on the compiler (which would
> necessitate adding an option before each compile), or to put the whole
> project into cvs as a zip file with the password on it, assuming that
> the support staff will know that password.

One solution is to write a utility that generates a 'scrambled' password;
optionally it can embed the byte codes into the program so it will be
accessible on the next compile (or even modify the EXE version of the file
and obviate a compile). Your program then unscrambles it prior to
emailing it. This is harder to break, although obviously anyone who has
unlimited access to your source code (and many others who don't) and who
has time on their hands will break this scheme too.

David
Jul 22 '05 #3
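
The scramble/unscramble scheme described in the reply above, as an added example that is not part of the original post. The XOR key, the sample secret, and the `strings_finds` / `fake_image` helpers are constructed for illustration; the point it shows is the reply's own caveat, that the bytes stop being readable text but the key and the unscramble routine ship in the same program.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

using Bytes = std::vector<std::uint8_t>;
const std::uint8_t kKey = 0xA5;  // constructed key; it ships inside the program

// The build-time utility: XOR each byte so no readable text is embedded.
Bytes scramble(const std::string& plain) {
    Bytes out;
    for (unsigned char c : plain) out.push_back(static_cast<std::uint8_t>(c ^ kKey));
    return out;
}

// The program's side, run just before the e-mail is sent.
std::string unscramble(const Bytes& blob) {
    std::string out;
    for (std::uint8_t b : blob) out.push_back(static_cast<char>(b ^ kKey));
    return out;
}

// Stand-in for `strings <exe name>`: is the needle inside a printable run
// of at least min_len bytes?
bool strings_finds(const Bytes& image, const std::string& needle, std::size_t min_len = 4) {
    std::string run;
    for (std::uint8_t b : image) {
        if (b >= 0x20 && b < 0x7f) { run.push_back(static_cast<char>(b)); continue; }
        if (run.size() >= min_len && run.find(needle) != std::string::npos) return true;
        run.clear();
    }
    return run.size() >= min_len && run.find(needle) != std::string::npos;
}

// Constructed "executable image": payload between non-printable filler bytes.
Bytes fake_image(const Bytes& payload) {
    Bytes img = {0x7f, 0x45, 0x00, 0x01};
    img.insert(img.end(), payload.begin(), payload.end());
    img.push_back(0x00);
    return img;
}

int main() {
    const std::string secret = "password";  // constructed sample value
    std::printf("literal visible: %d, scrambled visible: %d\n",
                strings_finds(fake_image(Bytes(secret.begin(), secret.end())), secret),
                strings_finds(fake_image(scramble(secret)), secret));
    std::printf("recovered with the embedded key: %s\n", unscramble(scramble(secret)).c_str());
}
```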
ja**********@gmail.com (J.Steiner) wrote in message news:<40**************************@posting.google. com>...
> Just curious if anyone has any thoughts about what best practice would
> be for something like this...
>
> We want to write a program that will send the user (via email) a
> password when they click a button. Also, it will send the email to a
> support team who will log that the password has been requested so they
> can then change the password (and recompile the program).

Don't store passwords, store MD5 hashes.

Regards,
Michiel Salters
Jul 22 '05 #4
Unless I'm mistaken, that would only be good if the user knew the
password. In this case he doesn't know it until I tell it to him (by
clicking a button requesting it).

Anyway, it might be off topic, so for that I apologize. I thought it
might be an interesting question for someone.

Mi*************@logicacmg.com (Michiel Salters) wrote in message news:<fc**************************@posting.google. com>...
> ja**********@gmail.com (J.Steiner) wrote in message news:<40**************************@posting.google. com>...
> > Just curious if anyone has any thoughts about what best practice would
> > be for something like this...
> >
> > We want to write a program that will send the user (via email) a
> > password when they click a button. Also, it will send the email to a
> > support team who will log that the password has been requested so they
> > can then change the password (and recompile the program).
>
> Don't store passwords, store MD5 hashes.
>
> Regards,
> Michiel Salters

Jul 22 '05 #5
J.Steiner wrote:
> unless i'm mistaken, that would only be good if the user knew the
> password. in this case he doesn't know it until i tell it to him (by
> clicking a button requesting it).
>
> anyway, it might be off topic, so for that i apologize. i thought it
> might be an interesting question for someone.

(a) Please don't top-post.
(b) Try the comp.security.* hierarchy of newsgroups.

> Mi*************@logicacmg.com (Michiel Salters) wrote in message news:<fc**************************@posting.google. com>...
> > ja**********@gmail.com (J.Steiner) wrote in message news:<40**************************@posting.google. com>...
> > > Just curious if anyone has any thoughts about what best practice would
> > > be for something like this...
> > >
> > > We want to write a program that will send the user (via email) a
> > > password when they click a button. Also, it will send the email to a
> > > support team who will log that the password has been requested so they
> > > can then change the password (and recompile the program).
> >
> > Don't store passwords, store MD5 hashes.
> >
> > Regards,
> > Michiel Salters


V
Jul 22 '05 #6
