in reply to Re: Re: Re: perl2exe - no more secrets
in thread perl2exe - no more secrets
That is a pretty broad cast you've tossed there. ;-)
It depends on the job and the id involved.
If it was a script that only root would use, then there is not really a problem as long as nobody else gets access to the script.
If it is a lowlevel user id, you can debate it.
If it is a script that has root and its plaintext password embeded which everybody is going to use, then you have a gigantic hole(This was my situation).
Now as to embeded passwords being a security risk; a real life example.
Progammer A, thinks like you do. Programmer B hates programmer A and wants to see him fired. Progammer B finds A's password. Programmer B starts using A's account to delete things, print porn on the vice-presidents Assistents printer, etc....
We figured it out but not until after programmer A was put through a suspension(ie the pornography and the sexual harrasment policies).
|
---|