passwords in scripts

[Mr5o1 0]

Hi All,

Firstly a big thanks to the community at large. I administrate a small office and Autoit has turned out to be "just the thing" for lots of automated tasks. The forum is great and has been very helpful.. I've spent a number of hours over the last few weeks getting rid of all the .BAT files I can find.. and replacing them with autoit scripts. This is the first time I've encountered an issue which I cant find here already.

I'm writing a script to conduct daily backups. I use 7zip for the compressing and encrypting. Somehow I've got to have the script execute 7zip from the command line, including a password - which would of course later be used to decrypt the archive.

I'm thinking, if I include the password in the script, even though it will be compiled to .exe it could still be easily reverse engineered? and even if it couldnt, you could run the script - and monitor which arguments were passed to 7zip to get the password that way.

The best "workaround" I can come up with is to use a different random string for each backup and then email the password to myself. (My email obviously isnt checked or stored on this server) This also doesnt seem particularly secure but is the best I can think of??

I'm sure someone has had to deal with this themselves - any ideas?