Jump to content

Recommended Posts

Posted

I am wondering if i can use the RunAsSet function to create a simple compiled script that launches particular apps as particular users without them needing to know the password.

I am unsure however if once compiled there would be anyway for someone to find out the password???

Any help would be much appreciated.

  • Developers
Posted

Simple answer : NO

Technical Details

The compiled script and additional files added with FileInstall are compressed with my own (Jon) compression scheme.

Because a compiled script must "run" itself without a password it needs to be able to decrypt itself - i.e., the encryption is two-way. For this reason you should regard the compiled exe as being encoded rather than completely safe. For example, if I wrote a script that contained a username and password (say, for a desktop rollout) then I would be happy using something like a workstation-level user/password but I would not consider it safe for a domain/entire network password unless I was sure that the end-user would not have easy access to the .exe file.

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

  • 2 weeks later...
Posted

I am wondering if i can use the RunAsSet function to create a simple compiled script that launches particular apps as particular users without them needing to know the password.

I am unsure however if once compiled there would be anyway for someone to find out the password???

Any help would be much appreciated.

What I do is break the password up into two or three character strings and throw some dummy strings into the mix as well. Then I construct the password by appending the proper strings. Kind of like this:

$a = "pas"
$b = "mt"
$c = "swo"
$d = "not"
$e = "here"
$f = "rd"

$password = $a & $c & $f; ends up being "password"

If someone runs a strings command against your code, they won't find the password all at once. Still isn't 100% but is much better than simply having one string with a password in it.

A more secure option is to create your own password encoding program in AutoIt. Also create a decoding routine to include as a function in any program needing the password. Run the encoding program with your password, copy the resulting encoded password to your new program and use the decoding routine to re-create the original password. Just a thought.

Who lied and told you life would EVER be fair?

Posted

What I do is break the password up into two or three character strings and throw some dummy strings into the mix as well. Then I construct the password by appending the proper strings. Kind of like this:

$a = "pas"
$b = "mt"
$c = "swo"
$d = "not"
$e = "here"
$f = "rd"

$password = $a & $c & $f; ends up being "password"

If someone runs a strings command against your code, they won't find the password all at once. Still isn't 100% but is much better than simply having one string with a password in it.

A more secure option is to create your own password encoding program in AutoIt. Also create a decoding routine to include as a function in any program needing the password. Run the encoding program with your password, copy the resulting encoded password to your new program and use the decoding routine to re-create the original password. Just a thought.

lol your funny.

[quote name='AceLoc']I gots new sunglasses there cool.[/quote]

Posted (edited)

May be Yes and may be No. The data is there so if you dig deep enough you can get it out, but you will need to dig very deep, it's safe enough for you.

You can also use StringEncrypt to encrypt a string, paste that into the code and decrypt it when running the code.

Encrypting the string won't help because if you know the source then the decryption mechanism is staring you right in the face. The best way is to use obfuscation along with encryption.

Edited by DarthVega

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...