Dear,

We read the rest of this topic and here is our long reaction:

  • RE-TheLanMan: knows anybody how ScriptLogic bypass the problem with
    (local) administrator rights or other rights?
    We think that it will not be a simple call, but something like an
    "username/password" will be used before execution starts.
    Without using such kind of info, it can be possible that any kixtart-
    writer can create and run a kixtart script with any type of rights.
    Such situation isn't wanted and is for most organization unexpectable.
  • RE-Popovk: we like also the idea of a compressed with kix32.exe and
    (encrypted) script files.
    Our earlier suggestion is that you don't need any additional parameter
    during the kix32.exe call. Kix32.exe can handle plain text and those
    encrypted scripts.
    By the one-way encryption you must have the capability to specify which
    elements of your environment should be checked and what will happen
    by an incorrect result.
    Check f.e. @domain, @wkstat, @userid, @ipaddress, @os, .....
    Result by incorrect result f.e. mail administrator (= specified mail
    address), remove package from client, reboot client, ....

    Structure:

    code:
      - create a script
      - encrypt script with an additional program. you can specify elements
    to check for and what to do by an incorrect result.
    encryption will be one-way.
      - (idea Popovk): compact kixtart binaries and encrypted scripts to one file (= package)
      - by running package the file will only be copied to memory
    and the encrypted script will not be decrypted.
    a memory dump with encrypted scripts aren't interesting.
      - run encrypted script with kix32.exe or wkix32.exe file.
    kixtart recognize the encrypted file and it will first check the verification
    elements.
    by a correct result kix32.exe or wkix32.exe will decrypt your encrypted script
    internally and run your code.

  • RE-Richard Howard: some remarks about KixCrypt.
    - by calling it without any parameters it is unwanted that your program
    waits for user input. most programs we know returns some help information.
    - the result is always the same by the same parameters. such situation
    gives 'hackers' the capability to analyze "how are password be stored".

Greetings.

[ 21 October 2001: Message edited by: MCA ]

_________________________
email scripting@wanadoo.nl homepage scripting@wanadoo.nl | Links | Summary of Site Site KiXforms FAQ kixtart.org library collection mirror MCA | FAQ & UDF help file UDF kixtart.org library collection mirror MCA | mirror USA | mirror europe UDF scriptlogic library collection UDFs | mirror MCA