
Security questions for AutoIt approval



My company's IT department wants to review how secure AutoIt is before approving its use.

Do you have any documentation that addresses any data that your company stores about user-created scripts?

How secure are your scripts that are compiled as executables?

Are there any security concerns we need to be aware of while developing and running scripts?

What secure data do the logs store?

How do we know your source code is not transferring data behind the scenes?

Has your software had any security audits?

Anything else we should know about?

4 minutes ago, BradBurke said:

Anything else we should know about?

With all respect, but what are you expecting as an answer to your dumped list of questions, of which several are totally void?
Did you do any research yourself before asking, as many have been asked before and answered?
... and to be honest: How much trust should one put in the creator's answer anyway?

Jos

Live for the present,
Dream of the future,
Learn from the past.
  :)


@BradBurke

Just out of curiosity, have you also sent this list of questions to, say, Microsoft, regarding the use of .NET development software? If so, I would be interested in the answer (if you ever received one).

33 minutes ago, BradBurke said:

How secure are your scripts that are compiled as executables?

Are there any security concerns we need to be aware of while developing and running scripts?

AutoIt scripts compiled as .exe contain, in simple terms, a tokenized version of the source code, along with the appropriate AutoIt interpreter itself. So you should never store e.g. passwords or other sensitive data in the source code. However, this is explicitly not a weakness of AutoIt; it was simply not designed for this purpose.

46 minutes ago, BradBurke said:

How do we know your source code is not transferring data behind the scenes?

You should be far more concerned about what data will be sent from your operating system behind the scenes ;).


"In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

6 hours ago, BradBurke said:

Anything else we should know about?

lol, anyone that cannot answer these questions by him/herself should not be doing that job, as THAT is not the way to get those answers.
There. A free lesson.

( Do click like -or HaHa- if you get to read this )

Link to post
Share on other sites
13 minutes ago, argumentum said:

( Do click like -or HaHa- if you get to read this )

Soliciting likes?

 

@BradBurke

From my experience and knowledge, AutoIt won't do anything it isn't told to. So as far as how safe and secure it is, it all depends on the script author.

Edited by spudw2k

Lots of people here are just programmers for the fun of it, or a hobby as another way of stating it.

There are professionals and experts in the field of programming over many types of languages.

If this were a professional company the people in charge would shake your hand, and show you the door as quickly as you entered.

Who are you?

What company do you work for?

What position do you hold in relation to the company?

etc.
 

 

2 hours ago, Somerset said:

Who are you?  What company do you work for?  What position do you hold in relation to the company?

I'm really curious to see if these questions will be answered :lol:.

My assumptions :

Option 1 :
An assistant (f,m,d), who has been tasked by its IT department to take a deeper look at AutoIt. Since it takes some effort to research the answers himself, he simply threw a list of questions into the room. 

Option 2:
'Just' a normal member who wants to appear important (and save some time as well).

Option 3 (low probability) :
The CEO of a global company who wants to use AutoIt for a new world-changing software product ;).


"In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

On 7/13/2021 at 2:40 AM, Musashi said:

So you should never store e.g. passwords or other sensitive data in the source code. However, this is explicitly not a weakness of AutoIt; it was simply not designed for this purpose.

This applies to all code, anything you store in your program can be easily extracted and decrypted... even big companies which specialize in anti-tampering technology fail. This is a fundamental flaw which arises from the fact that you want the machine to know the secret but not the user, in other words, you can't have your cake and eat it too :muttley:

EasyCodeIt - A cross-platform AutoIt implementation

DcodingTheWeb Forum - Follow for updates and Join for discussion
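
The advice in the two posts above (a compiled .exe carries a tokenized copy of the source, and anything embedded in a program can be extracted) can be enforced as a pre-compile check. The following is an added example, not code from this thread or from the AutoIt project: a small Python scanner that flags string literals assigned to credential-looking variables in AutoIt source. The name heuristics and the sample script are constructed assumptions.

```python
import re

# Assumption: variable names that suggest a secret; tune for your own code base.
SECRET_NAME = re.compile(r"pass(word|wd)?|pwd|secret|token|api_?key|credential", re.I)
# $name = "literal" or $name = 'literal' (AutoIt escapes a quote by doubling it).
ASSIGN = re.compile(r"""\$(\w+)\s*=\s*(?:"((?:[^"]|"")*)"|'((?:[^']|'')*)')""")

def strip_comment(line):
    """Drop a trailing ';' comment, ignoring semicolons inside string literals."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == ";":
            return line[:i]
    return line

def find_hardcoded_secrets(source):
    """Return (line number, variable name) pairs; values are never echoed."""
    findings, depth = [], 0
    for lineno, raw in enumerate(source.splitlines(), 1):
        head = raw.strip().lower()
        if head.startswith(("#cs", "#comments-start")):
            depth += 1          # block comment opens
            continue
        if head.startswith(("#ce", "#comments-end")):
            depth = max(0, depth - 1)
            continue
        if depth:               # only live code is checked
            continue
        for m in ASSIGN.finditer(strip_comment(raw)):
            value = m.group(2) if m.group(2) is not None else m.group(3)
            if value and SECRET_NAME.search(m.group(1)):
                findings.append((lineno, m.group(1)))
    return findings

# Constructed sample script for demonstration only.
SAMPLE = '''\
; constructed sample script
Local $sUser = "svc_backup"
Local $sPassword = "Winter2021!"
#cs
$sApiKey = "old-key-in-comment"
#ce
Global Const $API_TOKEN = 'abc123' ; hardcoded
$sPwd = InputBox("Login", "Password:", "", "*") ; prompted at runtime
$sSecret = ""
'''

if __name__ == "__main__":
    for lineno, name in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: ${name} is assigned a string literal")
```

The runtime prompt on line 8 of the sample and the empty literal on line 9 are not flagged; only non-empty literals bound to secret-like names are.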

  • 2 weeks later...
On 7/12/2021 at 11:19 PM, argumentum said:

( Do click like -or HaHa- if you get to read this )

There. The OP did not log in yet. Vote for me, "argumentum for moderator 2021". I'd close this type of thread because I'm mean and ... meh. :)

PS: I would not like to be a moderator. I'd kill'em all. :D

PS2: A big thank you to the moderation team. I would live with heartburn doing your job. 
