The more that I think about it, the more I don't like the date idea... (even though I came up with it.) Someone could simply change the date on their computer...
Checking the logon process for decryption to work isn't a bad idea; however, there is still the (minor) security problem with someone writing their own script (non-KiX) to decrypt. The idea of checking if the script is running from the netlogon share on a DC seems workable. You could embed DOMAIN-SPECIFIC information into the encrypted string (perhaps some sort of unique (not obvious) info that everyone can read but not change on the PDC). Someone would have to completely hack your ActiveX wrapper to even see what that info was and how it was included.
Brian [ 31 May 2002, 22:48: Message edited by: BrianTX ]