SWA: protect the user and pw text? (62 Views)
Honored Contributor
Posts: 14,404
Registered: ‎05-29-2000
Message 1 of 2 (62 Views)

SWA: protect the user and pw text?

Since the ITRC user ID and password are currently required to be in plain text format on the command line or in the swa.conf file, can you add code to enforce read only by root for the file (chmod 600) and 700 permissions for $HOME/.swa directory? Adding an interactive ID/pw check is OK for a few systems but for dozens of systems and automated analysis, this is too cumbersome. The permission controls are similar to .ssh files.
Honored Contributor
Posts: 13,903
Registered: ‎06-21-2000
Message 2 of 2 (62 Views)

Re: SWA: protect the user and pw text?

If passwords are going to be stored plain-text, the file definitely needs protection. However, there should be some mechanism for hashing the password and storing the hash instead.

For an idea in that realm, see my last comment here:


The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.