22 Apr
2007
22 Apr
'07
5:16 p.m.
In article <462BF461.4090406 at compsys.to>,
"Jerome H. Fine" <jhfinedp3k at compsys.to> writes:
On the other hand, I suspect that the actual clear
text of
the userid / passwords should never have been stored in a
file in the first place. If that is what you described (based
on what you specified above), that was a VERY serious error
in the security of the system. [...]
Lots of systems made that error. For instance, RSTS/E stored the
passwords in cleartext and you could list them out if you were a
privileged (1,*) user. I discovered that when you submitted a batch
job through the @ processor, it ran as user batch on account (1,2).
So it wasn't too hard to submit a batch job that ran the ACCOUN
program to list out the passwords.
--
"The Direct3D Graphics Pipeline" -- DirectX 9 draft available for download
<http://www.xmission.com/~legalize/book/download/index.html>
Legalize Adulthood! <http://blogs.xmission.com/legalize/>