Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Hiding passwords

RE: Hiding passwords

From: Bob Metelsky <bmetelsky_at_cps92.com>
Date: Thu, 02 Oct 2003 09:39:47 -0800
Message-ID: <F001.005D1D46.20031002093947@fatcity.com> 





That's very interesting... Thank you. Do you know how that can be set in
an env variable? Or how the hidden variable can be passed around?



Eg



C:\ads>set var=<file.txt:pwd


Or


C:\ads>set var=more<file.txt:pwd



Echo %var%


C:\ads> echo is on



???



Thanks


Bob



>In Windows2000 you can encrypt a file... Not sure how well that would

work


>though, since if you install your software as local administrator (not

good


>practice) then anyone else who logs in as administrator would be able

to see


>/ run the file too...

 




Here is a little known trick of NTFS file systems.
It's called "data streams".


D:\>del file.txt
D:\>echo Some stuff > file.txt
D:\>echo and its password >file.txt:pwd
D:\>dir




 Volume in drive D is OS


 Volume Serial Number is A4BA-68F3


 Directory of D:\

24/09/2003  11:19p                  13 file.txt


(note the file size!)


D:\>type file.txt


Some stuff


D:\>type file.txt:pwd


The filename, directory name, or volume label syntax is incorrect.
D:\>more <file.txt:pwd


and its password


D:\>



I'm sure there are some interesting uses to be explored here
to hide Oracle passwords!  ;)


Note: the hidden data stream name can be ANY filename string and is
subject


to security.  This was used initially in NTFS to support the Mac
resource 


fork file format in file servers.  It is still there and won't go away
any 


time soon as IIS uses it.



MS Knowledge base article 105763 discusses this in detail.
You can also search google for some details.  Use "alternate data
streams".


Careful: this is used by some virus writers!!!



Cheers


Nuno Souto


nsouto_at_optusnet.com.au

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Nuno Souto
  INET: nsouto_at_optusnet.com.au

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Bob Metelsky
  INET: bmetelsky_at_cps92.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Thu Oct 02 2003 - 12:39:47 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US