Passing a password as a script parameter -- is it safe?

Question

My script is going to use WMI to connect to remote systems and I was looking at this post on how to go about doing so. It looks like I may need to pass in the username and password.

I am executing my script on remote systems with a Java program that runs it and parses the STDIN output.

Is it safe to pass in a password as a variable?

From the Java side the password will be in a property file (or a different method -- I'm not yet sure the best way to go about that, but its a different story) and I'll pass it in when I call the script.

Answer 1

If you are worried about sending the password in plaintext via network for a WMI request: This link says that if you have Kerberos authentication in use, password/username cannot be intercepted on the network. http://msdn.microsoft.com/en-us/library/windows/desktop/aa393720(v=vs.85).aspx Check if this helps you out.

If you are worried about saving the password on the machine (which you want use for a WMI request): Encrypt it and store in some db/file, decrypt it whenever you want to send it across
And yes, you should use existing standard encryption mechanisms.

Answer 2

never ever send passwords in plain. Use always a one way hash algorithm like MD5 to encrypt the password entered by a user.

Further never save a password as plain text anywhere. Always store the hash and compare this with the hashed input of the user.

Some articles to start with VBScript:

• Is there a method to encrypt passwords stored in a VBS
• Encrypting/Hashing plain text passwords in database
• http://www.edugeek.net/forums/coding/6951-masking-password-inputbox-vbscript.html
• http://social.technet.microsoft.com/Forums/scriptcenter/en-US/1d132da1-2014-4f34-87f5-d787e764995f/save-encrypted-password-in-vbscript