On Wed, Apr 01, 2009 at 02:33:20PM +0200, Tomasz Chmielewski wrote: > Otherwise, any usernames/passwords could be revealed too easily. Isn't this just security-by-obscurity? With the proper OS privilege level (Administrator, LOCALSYSTEM or equivalent), you'll have access to the username and password anyway, just with a tad more hassle. Indeed, that hassle have bitten me during debugging before. (As I remember it, the password was obscured by some trivial, two-way "encryption" in a registry key somewhere.) The username and password security lies solely with the fact that a regular user account won't have access to the relevant parts of the registry. It'd be as secure (and a lot more admin-friendly) to just store the settings somewhere and let the OS handle access rights, like it does anyway, IMHO. Cheers, -Berge -- Berge Schwebs Bjørlo Alegría! |