On Mon, 30 Jul 2001 Jenny_Hopkins@toby-churchill.com wrote:
script to do this, I'm going to have to include my password in the script. The best I can find written about doing this anywhere just says that if you have to include a password in a text file, make sure there are no read permissions for users. But would you say it is dodgy to write stuff with passwords at all? How else would you get round this?
It depends on what the password is used for, I have put passwords in scripts to backup NT servers using smbmount but these machines were in a server room so there was no physical access to them and logins were restricted to sys-admin staff only.
What you could do is share another directory on the Windows box and protect it with a share level password and put that in the script so that people don't get your login password. At the end of the day you are also using M$ default security and if you are using Win9x there are far easier ways of getting the password from the machine and decrypting it (look for files call .pwl) and if you are using NT then create a new user for backups only, restrict the access the user has on the machine to only have r/w permission on the directory in question and don't worry about it.
I would go for it Jen, but you must remember that passwords are next to completely useless if someone who knows what they are doing gets physical access to the machines (which in this case I presume they will)
Adam