Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!gatech!uflorida!beach.cis.ufl.edu!jmb
From: jmb@beach.cis.ufl.edu (John M Boof)
Newsgroups: comp.os.vms
Subject: Re: creating a file in my account from another userid.
Summary: Don't hard-code unhashed passwords in ANY file on the system.
Message-ID: <16542@uflorida.cis.ufl.EDU>
Date: 10 Jul 88 12:00:41 GMT
References: <8807061616.AA01095@ucbvax.Berkeley.EDU>
Sender: news@uflorida.cis.ufl.EDU
Reply-To: jmb@beach.cis.ufl.edu ()
Organization: UF CIS Department
Lines: 41


( Geoffrey has a program as part of a BBS program which opens files with
  his username and password through a network connection.  His password
  is contained in the code, but nobody there has figured out how to find
  it yet... )

Hard-coding your password in a program IS highly dangerous, especially
when you are letting many people run the program.  A mistake such as
opening the file to read access for these people would leave your
password out 'in the middle of the road', unless you have encoded it
within your code.  Even then, the debugger, or other methods, can be
used to find the location of the password when you store it after
decoding it.  Besides all that, no file can be completely safe from
access, and this is basically why no security-conscious systems store
passwords in their original form.

It would be much less risky if you tried to hide access that would only
work for that file, rather than trying to hide access to the whole
account by endangering your password.  At our system, people usually
resort to trying to hide the file, by removing it and using the fid
number, burrying it in directories, confuse the SHOW DEV/FIL output by
using pointers and removing latest one, or other ideas.  I personally
feel that the MAIL facility keeps a nice record format for a BBS system
that can overlay it, using MAIL's privileges to open the files, a
message pre-processor/editor, and a message post-processor (run in time
intervals or done manually by a board operator).  Of course, the
'correct?' way would be to get the program installed with privs, only
using them when opening the files to write to, but I am assuming that
this is not one of your alternatives.


...JMBoof
_____________________________________________________________________________
Addresses in order of preference:
ARPA-InterNet:   VAX/VMS:     boof%oak.decnet@pine.circa.ufl.edu  or
                              boof@pine.circa.ufl.edu
                 Gould UNIX:  jmb@beach.cis.ufl.edu
UUCP:            Gould UNIX:  ... !uflorida!beach.cis.ufl.edu!jmb
BITNET:          VAX/VMS:     boof@ufpine
                 IBM VM/CMS:  $$$YEQ#@NERVM
_____________________________________________________________________________