|Keep It Simple, Stupid|
Re: Re: Re: perl2exe - no more secretsby Marza (Vicar)
|on Apr 23, 2003 at 22:50 UTC||Need Help??|
That is a pretty broad cast you've tossed there. ;-)
It depends on the job and the id involved.
If it was a script that only root would use, then there is not really a problem as long as nobody else gets access to the script.
If it is a lowlevel user id, you can debate it.
If it is a script that has root and its plaintext password embeded which everybody is going to use, then you have a gigantic hole(This was my situation).
Now as to embeded passwords being a security risk; a real life example.
Progammer A, thinks like you do. Programmer B hates programmer A and wants to see him fired. Progammer B finds A's password. Programmer B starts using A's account to delete things, print porn on the vice-presidents Assistents printer, etc....
We figured it out but not until after programmer A was put through a suspension(ie the pornography and the sexual harrasment policies).