BradBurke, Posted July 12, 2021

My company's IT department wants to review how secure AutoIT is before approving its use.

- Do you have any documentation that addresses any data that your company stores about user-created scripts?
- How secure are your scripts that are compiled as executables?
- Are there any security concerns we need to be aware of while developing and running scripts?
- What secure data do the logs store?
- How do we know your source code is not transferring data behind the scenes?
- Has your software had any security audits?
- Anything else we should know about?

Jos (Developers), Posted July 12, 2021

On 7/12/2021 at 8:21 PM, BradBurke said:
> Anything else we should know about?

With all respect, but what are you expecting as an answer to your dumped list of questions, of which several are totally void? Did you do any research yourself before asking, as many have been asked before and answered?

... and to be honest: how much trust should one put in the creator's answer anyways?

Jos

Musashi, Posted July 12, 2021

@BradBurke Just out of curiosity, have you also sent this list of questions to, say, Microsoft, regarding the use of .Net development software? If so, I would be interested in the answer (if you ever received one).

On 7/12/2021 at 8:21 PM, BradBurke said:
> How secure are your scripts that are compiled as executables? Are there any security concerns we need to be aware of while developing and running scripts.

AutoIt scripts compiled as .exe contain, in simple terms, a tokenized version of the source code, along with the appropriate AutoIt interpreter itself. So you should never store e.g. passwords or other sensitive data in the source code. However, this is explicitly not a weakness of AutoIt; it was simply not designed for this purpose.

On 7/12/2021 at 8:21 PM, BradBurke said:
> How do we know your source code is not transferring data behind the scenes?

You should be far more concerned about what data will be sent from your operating system behind the scenes.

argumentum, Posted July 13, 2021

On 7/12/2021 at 8:21 PM, BradBurke said:
> Anything else we should know about?

lol, anyone that cannot answer these questions by himself/herself should not be doing that job, as THAT is not the way to get those answers. There. A free lesson. ( Do click like -or HaHa- if you get to read this )

spudw2k, Posted July 13, 2021 (edited)

On 7/13/2021 at 3:19 AM, argumentum said:
> ( Do click like -or HaHa- if you get to read this )

Soliciting likes?

@BradBurke From my experience and knowledge, AutoIt won't do anything it isn't told to. So as far as how safe and secure it is, it all depends on the script author.

Somerset, Posted July 13, 2021

Lots of people here are just programmers for the fun of it, or a hobby as another way of stating it. There are professionals and experts in the field of programming over many types of languages. If this were a professional company, the people in charge would shake your hand and show you the door as quickly as you entered. Who are you? What company do you work for? What position do you hold in relation to the company? etc.

Musashi, Posted July 13, 2021

On 7/13/2021 at 6:55 AM, Somerset said:
> Who are you? What company do you work for? What position do you hold in relation to the company?

I'm really curious to see if these questions will be answered. My assumptions:

Option 1: An assistant (f,m,d), who has been tasked by its IT department to take a deeper look at AutoIt. Since it takes some effort to research the answers himself, he simply threw a list of questions into the room.

Option 2: 'Just' a normal member who wants to appear important (and save some time as well).

Option 3 (low probability): The CEO of a global company who wants to use AutoIt for a new world-changing software product.

TheDcoder, Posted July 17, 2021

On 7/12/2021 at 9:10 PM, Musashi said:
> So you should never store e.g. passwords or other sensitive data in the source code. However, this is explicitly not a weakness of AutoIt, it was simply not designed for this purpose.

This applies to all code: anything you store in your program can be easily extracted and decrypted... even big companies which specialize in anti-tampering technology fail. This is a fundamental flaw which arises from the fact that you want the machine to know the secret but not the user. In other words, you can't have your cake and eat it too.

JockoDundee, Posted July 19, 2021

On 7/12/2021 at 8:21 PM, BradBurke said:
> How do we know your source code is not transferring data behind the scenes?

If only there was multi-threading

argumentum, Posted July 29, 2021

On 7/13/2021 at 3:19 AM, argumentum said:
> ( Do click like -or HaHa- if you get to read this )

There. The OP did not login yet. Vote for me, "argumentum for moderator 2021". I'd close this type of thread because I'm mean and ... meh.

PS: I would not like to be a moderator. I'd kill'em all.

PS2: A big thank you to the moderation team. I would live with heartburn doing your job.