Final Word on the Password Problem
Jay R. Ashworth
jra at baylink.com
Tue Jul 13 09:02:55 PDT 2004

On Tue, Jul 13, 2004 at 09:54:53AM -0400, Nancy Palmquist wrote:
> Here is my reply to my esteemed colleagues' points and arguments:
>
> 1) Bob Stockler & JP - I prefer a site password because of the nature of
> the site password function. As this customer found out, a site password
> was assigned - unknown and unnoticed - it connected itself to many
> process tables before it was discovered. Then it was a real headache to
> remove.
>
> Using the Option and changing the password on each and every table if
> you find a way to load them, or if they are in ASCII using VI to remove
> them or paying fpTech to remove them if they are encrypted. All this
> could have been avoided if the password had been assigned by the
> developer/user.

I don't know that I see that this is true... except to the extent that
it's harder to *change* one than to assign one since, presumably, you'd
have to know the old one.

If you change a site password, what happens to all the other tables:
does filePro remember that there was a change, and rewrite the old with
the new when it next sees the file? I presume it doesn't sweep
everything...

> 3) ASCII - is a great way to store all process tables. I do it myself.
> It will allow you to read the table from outside filePro, it reduces the
> load time for editing and running if you are using the dclerk/dreport
> versions of filePro.

And it lets you use all of Bob's uber-cool tools.

> However, the Quickstart stuff is still very useful as I recently
> discovered for one of my big customers. It runs faster than the non
> quickstart version. I couldn't believe it but it ran noticeably faster
> - not just the load time but from record to record processing time.
> Since all installations of 5.0 include quickstart, you can use both as
> needed.

It's certainly not supposed to. It never has been: the only thing
Quikstart gained you was the parse-tree build time. If you can
document this, we'd all be very interested to beat fpTech over the head
with the results, I suspect. ;-)

> 5) Bob & Mark - I know that Unix will accept a long password but will
> only respect the first part of it. I know I assigned a very long
> password as the root password on a Unix system, such as
> "McDonaldSalesCompany". I have easily been able to login with only
> "McDonaldSales" with no problem. Not sure how many other letters I can
> drop to gain access.

Note that this is likely no longer true. It's certainly not true on
Linux boxen, if you select a sane password hash format (like MD5) at
install time: then you can have any length password you want.

> BTW I did this to make it difficult for the customer to log in as root.
> It did not stop them. And Mark before you panic, and post that the
> password is too easy to figure out, this system is totally internal and
> has no access to the outside world, you can't get too much more secure
> than that with regard to hackers. Employees own the place and in the 20
> years we have worked with them, no one has ever even tried to bother
> with the operating system. Most stable computer system I ever
> installed. They call to ask how to reboot since they do it only
> every few years. Love that Unix stuff.

A *much* larger percentage of intrusions come from insiders than from
"hackers". Don't get me started, Nancy. *Me, Mark, and Bob* are
hackers. Those people already have a name: they're "criminals".

> Vicki - These are my arguments. You, of course, will make your own
> decision but I highly recommend a site password be assigned on any Unix
> system. You will never again be stuck with processing tables you do not
> know how to open.

Unless you lose the password.

:-)

Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
"You know: I'm a fan of photosynthesis as much as the next guy,
but if God merely wanted us to smell the flowers, he wouldn't
have invented a 3GHz microprocessor and a 3D graphics board."
-- Luke Girardi
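
The point in the message above about the hash format deciding how much of a password counts, as an added example that is not part of the original post: a small audit of shadow-style entries that flags accounts whose hash scheme ignores part of the password. Traditional DES crypt uses only the first 8 characters and bcrypt only the first 72 bytes. The function names and the sample lines are this example's own, and the hash strings are constructed placeholders.

```python
import re

# (pattern, scheme, significant password bytes; None means no truncation)
SCHEMES = [
    (re.compile(r"^\$1\$"), "md5-crypt", None),
    (re.compile(r"^\$2[abxy]?\$"), "bcrypt", 72),
    (re.compile(r"^\$5\$"), "sha256-crypt", None),
    (re.compile(r"^\$6\$"), "sha512-crypt", None),
    (re.compile(r"^\$y\$"), "yescrypt", None),
    (re.compile(r"^_[./0-9A-Za-z]{19}$"), "bsdi-des", None),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", 8),
]

def classify(hash_field):
    """Return (scheme, significant_bytes) for one shadow hash field."""
    if hash_field == "":
        return ("empty", 0)          # no password required at all
    if hash_field[0] in "!*":
        return ("locked", None)      # password login disabled
    for pattern, scheme, limit in SCHEMES:
        if pattern.match(hash_field):
            return (scheme, limit)
    return ("unknown", None)

def audit(shadow_text):
    """List (user, scheme, limit) for accounts whose scheme truncates."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        scheme, limit = classify(fields[1])
        if limit is not None:
            findings.append((fields[0], scheme, limit))
    return findings

def significant(password, limit):
    """The part of the password the scheme actually hashes."""
    data = password.encode("utf-8")
    return data if limit is None else data[:limit]

# Constructed sample input; the hash values are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:ab0123456789.:12600:0:99999:7:::
fpuser:$1$c0nstruc$placeholderplaceholder:12600:0:99999:7:::
backup:$2b$12$placeholderplaceholderplaceholderplaceholderplacehol:12600::::::
daemon:*:12600:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, limit in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme} hashes only the first {limit} bytes")
```
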