Re: SWA: protect the user and pw text? (25 Views)
Reply
Honored Contributor
Bill Hassell
Posts: 14,178
Registered: ‎05-29-2000
Message 1 of 2 (25 Views)

SWA: protect the user and pw text?

Since the ITRC user ID and password are currently required to be in plain text format on the command line or in the swa.conf file, can you add code to enforce read only by root for the file (chmod 600) and 700 permissions for $HOME/.swa directory? Adding an interactive ID/pw check is OK for a few systems but for dozens of systems and automated analysis, this is too cumbersome. The permission controls are similar to .ssh files.
Please use plain text.
Honored Contributor
Patrick Wallek
Posts: 13,718
Registered: ‎06-21-2000
Message 2 of 2 (25 Views)

Re: SWA: protect the user and pw text?

If passwords are going to be stored plain-text, the file definitely needs protection. However, there should be some mechanism for hashing the password and storing the hash instead.

For an idea in that realm, see my last comment here:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1451058

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation