On Fri, Apr 03, 2009 at 10:52:13AM +0200, Tomasz Chmielewski wrote: > Sure - with proper privilege level, time and resources, no password is > secure. True, but for strong passwords, this is only given enough time (where "enough" can have very high values). Even so, WPKG Client needs to access its %SOFTWARE% share credentials in plain text somehow, so no amount of encryption will help if you can access the same data with the same privileges as WPKG Client. > That's why it's best to: > - use SYSTEM account for executing processes started by WPKG Client > - use credentials which only allow access to your %SOFTWARE% share (but > don't allow to log in) Indeed, I agree. However, my point was as to where to store the %SOFTWARE% share credentials, and obscuring them is not a security measure, as they need to be available in plain text at some point anyway. > Even better yet, with the latest testing release of WPKG Client, it is > possible to connect to a share with computer credentials. However, I'd like > to get more feedback about it (if/how it works). I haven't tried it, but it sounds interesting. I'll give it a spin and report back on it over easter, I guess. Cheers, -B -- Berge Schwebs Bjørlo Alegría! |