[wpkg-users] WPKG Client settings
Berge Schwebs Bjørlo
berge at trivini.no
Fri Apr 3 10:26:59 CEST 2009
On Wed, Apr 01, 2009 at 02:33:20PM +0200, Tomasz Chmielewski wrote:
> Otherwise, any usernames/passwords could be revealed too easily.
Isn't this just security-by-obscurity? With the proper OS privilege level
(Administrator, LOCALSYSTEM or equivalent), you'll have access to the
username and password anyway, just with a tad more hassle. Indeed, that
hassle have bitten me during debugging before. (As I remember it, the
password was obscured by some trivial, two-way "encryption" in a registry key
somewhere.)
The username and password security lies solely with the fact that a regular
user account won't have access to the relevant parts of the registry. It'd be
as secure (and a lot more admin-friendly) to just store the settings
somewhere and let the OS handle access rights, like it does anyway, IMHO.
Cheers,
-Berge
--
Berge Schwebs Bjørlo
Alegría!
More information about the wpkg-users
mailing list