Re: passing username/passwd between two processes securely...

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi Slava,
let me put a simple example to say it's still meaningful.

if username and paasword is in clear text on a local file, then everyone
else can see that password and use it to connect to server. So put
username/passwd in local file is not secure even we trust localsystem. If we
put it into shared memory, every process which knows the object name can get
passwd. We still feel it's not secure even we trust localsystem. We only
want the password is shared between two processes securely. An extreme case
is winlogon passwd only existes in one process.

Hopefully I didnot misunderstand you,

Regards,

-John



"Slava M. Usov" <stripit.slough@xxxxxxx> wrote in message
news:eE16fU73FHA.3000@xxxxxxxxxxxxxxxxxxxxxxx
> "John" <johnli1995@xxxxxxxxxxx> wrote in message
> news:Ng%9f.23601$6e1.3385@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> Yes!
>> "TC" <aatcbbtccctc@xxxxxxxxx> wrote in message
>> news:1130916526.031149.204720@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> Ah, I get it now.
>>>
>>> P2 generates a keypair at runtime & sends the public key to P1. P1 uses
>>> that to encrypt a message back to P2. P2 uses its (just generated)
>>> private key to decrypt the message from P1. The public & private keys
>>> were both generated at runtime & do not exist in either sourcecode.
>
> If LocalSystem is not trusted, your "security" is a typical case of
> "security-by-obscurity". If LocalSystem _is_ trusted, none of this is
> required.
>
> S
>
>


.

Relevant Pages

  • Re: Wachovias web page security
    ... Note the URL displayed on the error message. ... that the page is secure. ... The only difference is that on my web page when you enter your username ...
    (misc.consumers)
  • Re: Authorization code for access to administration - Dialog ask for login and password three ti
    ... As you wrote that if I want more secure code, I would ask, do you ... username password pair which should be unique. ... so the query is too ambiguous for my taste. ... Injection isnt possible into the AUTH_PASSWORD variable here, ...
    (comp.lang.php)
  • Re: Cannot Access Access
    ... Use the workgroup administrator to rejoin system.mdw. ... you can use a desktop shortcut to launch your secure mdb. ... Try a username with a blank/null password. ... the wizard would have created a backup of your mdb - look in the folder for a file with the same name but a bak extension. ...
    (microsoft.public.access.security)
  • Re: Internet Explorer and Opera local zone restriction bypass
    ... allow us to link to local files without knowing the username. ... > Microsoft Internet Explorer does not allow local file access by a remote host by default. ... > By creating an iframe which points on a specially crafted cgi script (using the location header ...
    (Bugtraq)
  • Re: WHATS BEST OF SECURITY TOKEN ?
    ... to username token, the X509 token is secure,but slow. ... or i need to buy a CA certificate from Big company,microsoft or whatever? ... > create policies will only give you a limited range of policies that you ...
    (microsoft.public.dotnet.framework.webservices.enhancements)