Final Word on the Password Problem

Jay R. Ashworth jra at baylink.com
Tue Jul 13 09:02:55 PDT 2004


On Tue, Jul 13, 2004 at 09:54:53AM -0400, Nancy Palmquist wrote:
> Here is my reply to my esteemed colleagues' points and arguments:
> 
> 1) Bob Stockler & JP - I prefer a site password because of the nature of
> the site password function.  As this customer found out, a site password
> was assigned - unknown and unnoticed - it connected itself to many
> process tables before it was discovered.  Then it was a real headache to
> remove.  
> 
> Using the Option and changing the password on each and every table if
> you find a way to load them, or if they are in ASCII using VI to remove
> them or paying fpTech to remove them if they are encrypted.  All this
> could have been avoided if the password had been assigned by the
> developer/user.  

I don't know that I see that this is true... except to the extent that
it's harder to *change* one than to assign one since, presumably, you'd
have to know the old one.

If you change a site password, what happens to all the other tables:
does filePro remember that there was a change, and rewrite the old with
the new when it next sees the file?  I presume it doesn't sweep
everything...

> 3)ASCII - is a great way to store all process tables.  I do it myself. 
> It will allow you to read the table from outside filePro, it reduces the
> load time for editing and running if you are using the dclerk/dreport
> versions of filePro.

And it lets you use all of Bob's uber-cool tools.

> However, the Quickstart stuff is still very useful as I recently
> discovered for one of my big customers.  It runs faster than the non
> quickstart version.  I couldn't believe it but it ran noticeably faster
> - not just the load time but from record to record processing time. 
> Since all installations of 5.0 include quickstart, you can use both as
> needed.

It's certainly not supposed to.  It never has been: the only thing
Quickstart gained you was the parse-tree build time.  If you can
document this, we'd all be very interested to beat fpTech over the head
with the results, I suspect.  ;-)

> 5) Bob & Mark - I know that Unix will accept a long password but will
> only respect the first part of it.  I know I assigned a very long
> password as the root password on a Unix system, such as
> "McDonaldSalesCompany".  I have easily been able to login with only
> "McDonaldSales" with no problem.  Not sure how many other letters I can
> drop to gain access.

Note that this is likely no longer true.  It's certainly not true on
Linux boxen, if you select a sane password hash format (like MD5) at
install time: then you can have any length password you want.

> BTW I did this to make it difficult for the customer to log in as root. 
> It did not stop them.  And Mark before you panic, and post that the
> password is too easy to figure out, this system is totally internal and
> has no access to the outside world, you can't get too much more secure
> than that with regard to hackers.  Employees own the place and in the 20
> years we have worked with them, no one has ever even tried to bother
> with the operating system.  Most stable computer system I ever
> installed.  They call to ask how to reboot since they do it only
> every few years.  Love that Unix stuff.

A *much* larger percentage of intrusions come from insiders than from
"hackers".  Don't get me started, Nancy.  *Me, Mark, and Bob* are
hackers.  Those people already have a name: they're "criminals".

> Vicki - These are my arguments.  You, of course, will make your own
> decision but I highly recommend a site password be assigned on any Unix
> system.  You will never again be stuck with processing tables you do not
> know how to open.

Unless you lose the password.

:-)

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra at baylink.com
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

	"You know: I'm a fan of photosynthesis as much as the next guy,
	but if God merely wanted us to smell the flowers, he wouldn't 
	have invented a 3GHz microprocessor and a 3D graphics board."
					-- Luke Girardi
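
An added example, not part of the original message: a small audit over shadow-format lines that flags accounts still on the traditional DES crypt(3) format, where only the first 8 characters of a password are significant, as opposed to the MD5 (`$1$`) format mentioned above. The sample entries are constructed placeholders and the function names are hypothetical.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample in /etc/shadow layout; the hash values are placeholders.
SAMPLE_SHADOW = """\
root:ab01234567890:12600:0:99999:7:::
nancy:$1$abcdefgh$0123456789abcdefghijkl:12600:0:99999:7:::
daemon:*:12600:0:99999:7:::
svc:!$1$abcdefgh$0123456789abcdefghijkl:12600:0:99999:7:::
"""

def classify(field):
    """Return (scheme, significant_chars); None means no 8-character cut-off."""
    locked = field.startswith("!")
    h = field.lstrip("!")  # a leading '!' marks a locked password
    if h in ("", "*"):
        return ("locked" if locked or h == "*" else "empty", None)
    if DES_RE.match(h):
        return ("des", 8)
    if h.startswith("$1$"):
        return ("md5", None)
    return ("other", None)

def truncating_accounts(shadow_text):
    """List (user, scheme, limit) for entries whose format truncates passwords."""
    flagged = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        scheme, limit = classify(parts[1])
        if limit is not None:
            flagged.append((parts[0], scheme, limit))
    return flagged

def effective_password(password, limit=8):
    """The part of a password that an 8-character DES crypt actually hashes."""
    return password[:limit]

if __name__ == "__main__":
    for user, scheme, limit in truncating_accounts(SAMPLE_SHADOW):
        print(f"{user}: {scheme} hash, only first {limit} characters count")
    # The two passwords quoted in the message reduce to the same input.
    print(effective_password("McDonaldSalesCompany"),
          effective_password("McDonaldSales"))
```
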

