[THIN] Re: Unintended Install Security

  • From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 29 Apr 2004 09:36:03 +0100

Script encoding tends to be more for web / browser / HTA code.

The best way would be either something compiled *and* obfuscated within
the code (because executables can still be read if there's password
embedded as string literals) - or simply obfuscate it within your
scripted code.

Not storing things as string literals within either scripts, or
executables isn't exactly / particularly secure, but it covers the
tracks for the casual looker.

Neil

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Durbin
> Sent: 28 April 2004 20:49
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Unintended Install Security
> 
> VBScript can be encoded:
> 
> http://www.microsoft.com/mind/0899/scriptengine/scriptengine.asp
> 
>   If you've got a batch file, there are lots of programs that 
> can compile
> them:
> 
> http://www.fileheaven.com/Batch-File-Compiler/download/45.htm
> 
> JD
> 
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx
> > [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Watts
> > Sent: Wednesday, 28 April 2004 11:47 p.m.
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Unintended Install Security
> > 
> > I am creating a unintended install of Metaframe FR3 that
> > automatically joins the farm. I am using the unintended.exe 
> > that is shipped with FR3. Everything works great but now the 
> > customer is concerned that I have the username and password 
> > to the SQL datastore (using NT authentication). Is their a 
> > way to encrypt this into a script? Would compiling a script 
> > as a exe with kixeditor secure this?  Thanks in Advance!

***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please 
notify the sender immediately and delete this 
e-mail from your system.
You must take no action based on this, nor must 
you copy or disclose it or any part of its contents 
to any person or organisation.
Statements and opinions contained in this email may 
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************

********************************************************
This week's sponsor - Emergent Online
Emergent delivers end-to-end solutions for private and public sector clients. 
From centralized application management, business continuity, outsourcing, to 
application development, security, and messaging solutions.
http://www.go-eol.com/index.asp
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: