Posted by Skeets on 02/22/06 21:14
thanks for the input. i agree this is a security nightmare, but the
product engineer wants to do this. the product is a stand alone
product. the laptop is hooked up directly to the product and the
product has no internet access. however, if the laptop was wirelessly
on a network while accessing the product, security might be an issue.
i think the goal of the product engineer is as follows:
1. only allow a person who has root access to access the product's
program.
2. if the root password is changed, the password for the program should
be changed, too - thus enabling the root password holder access w/o the
pain of setting the password twice.
i am using an xml file as a db, however, that wouldn't meet criteria #2
above, unless there was a way to automatically update the password in
the file when the root password was updated.
obviously, i wouldn't want this in plain text. ;-)
my thought is to get the encrypted value of the root password into php
(not the actual password, mind you) and then compare it to the
encrypted value of the user input.
1. i'd need to have access to the encrypted root password (link,
symlink, maybe).
2. i'd need to know the encryption method so i could duplicate the
process in php and compare the encrypted password values.
is this doable?
i will mull over tihu's code and see if it applies to this case. the
product shouldn't be connected to the net, but i don't know if the
accessing laptop will be connected to the internet while accessing the
product.
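
The comparison described in the two numbered points above, as an added example that is not part of the original post: the stored crypt(3) hash carries its own scheme id and salt, so passing it back to PHP's crypt() as the salt argument reproduces the method without hard-coding it. The shadow-format text, the password and the function names are constructed for illustration, and how the PHP process would obtain the root entry is left open, as it is in the post.

```php
<?php
// Added example. All account data below is constructed, not read from a real system.

/**
 * Return the hash field for $user from shadow(5)-format text,
 * or null if the user is missing, locked, or has no usable hash.
 */
function shadow_hash_for(string $shadowText, string $user): ?string
{
    foreach (preg_split('/\R/', $shadowText) as $line) {
        $fields = explode(':', $line);
        if (count($fields) < 2 || $fields[0] !== $user) {
            continue;
        }
        $hash = $fields[1];
        // "", "*", "!" or "!<hash>" mean no password or a locked account.
        if ($hash === '' || $hash[0] === '*' || $hash[0] === '!') {
            return null;
        }
        return $hash;
    }
    return null;
}

/**
 * Hash the candidate with the scheme and salt embedded in the stored hash,
 * then compare in constant time. The plaintext root password is never stored.
 */
function verify_against_shadow(string $candidate, string $storedHash): bool
{
    // crypt() reads "$id$salt$" from the stored hash; on failure it returns
    // a short marker string that can never equal the stored hash.
    $computed = crypt($candidate, $storedHash);
    return hash_equals($storedHash, $computed);
}

// Constructed sample: a SHA-512 crypt entry for a made-up password and salt.
$constructedHash = crypt('constructed-root-pass', '$6$constructedsalt$');
$shadowText = "daemon:*:19000:0:99999:7:::\n"
            . "root:{$constructedHash}:19000:0:99999:7:::\n";

$rootHash = shadow_hash_for($shadowText, 'root');

var_dump($rootHash !== null && verify_against_shadow('constructed-root-pass', $rootHash));
var_dump($rootHash !== null && verify_against_shadow('wrong-guess', $rootHash));
var_dump(shadow_hash_for($shadowText, 'daemon')); // locked account, no hash to compare
```

Because the check always reads the current hash, a change to the root password takes effect in the program with no second password to update.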