There is a question that turns up here fairly regularly regarding encrypting scripts and the answer has always been that you cannot encrypt a script. You can encode it but that is easily reversed.
Here at my work there are a few instances where scripts need to have a password in them for whatever reason. We have always done our best to mitigate the risk that this represents by isolating whatever system that the password is for whenever possible.
I may have found another layer that we can use to mitigate this risk. I just learned of Alternative Data Streams. It is only valid for NTFS file systems, but that is all we have here anyway. I am wondering if there is a drawback to putting the passwords into files and hiding them using ADS. I realize that the stream name will still be in clear text in the script, but as I say, I'm just looking to essentially add one more layer of obfuscation to the script. Is there some pitfall related to using ADS that I'm not seeing? Has anyone done anything like this already? Any other advice?
[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]
Here at my work there are a few instances where scripts need to have a password in them for whatever reason. We have always done our best to mitigate the risk that this represents by isolating whatever system that the password is for whenever possible.
I may have found another layer that we can use to mitigate this risk. I just learned of Alternative Data Streams. It is only valid for NTFS file systems, but that is all we have here anyway. I am wondering if there is a drawback to putting the passwords into files and hiding them using ADS. I realize that the stream name will still be in clear text in the script, but as I say, I'm just looking to essentially add one more layer of obfuscation to the script. Is there some pitfall related to using ADS that I'm not seeing? Has anyone done anything like this already? Any other advice?
[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]