|
|
|
Forum Guru
 
Group: Forum Members
Last Login: 9/22/2009 3:05:49 PM
Posts: 55,
Visits: 114
|
|
| It is possible to store the passwords in the VNCManager config. I have a great many passwords and would really like to store them. It looks like a simple hash in the config if I remember. How about a master password and some real encryption on the stored configs.
|
|
|
|
|
Supreme Being
Group: Administrators
Last Login: Yesterday @ 3:30:09 AM
Posts: 1,162,
Visits: 1,908
|
|
The passwords in the config file are stored in encrypted format. They are encrypted using MD5CryptoServiceProvider from .Net framework.
Kindest Regards,
SmartCode Solutions Support
|
|
|
|
|
Forum Guru
Group: Forum Members
Last Login: 9/22/2009 3:05:49 PM
Posts: 55,
Visits: 114
|
|
| They may be encrypted but I don't need to enter a password to decrypt them. I would like to have a master password that would need to be entered to enable automatic logins.
|
|
|
|
|
Supreme Being
Group: Administrators
Last Login: Yesterday @ 3:30:09 AM
Posts: 1,162,
Visits: 1,908
|
|
zarthan (8/9/2007)
They may be encrypted but I don't need to enter a password to decrypt them. I would like to have a master password that would need to be entered to enable automatic logins.
You do enter a password to decrypt them - when you login into Windows. I don't think the extra password is needed. Overwise the next request could be - have master password for the master password?!
Kindest Regards,
SmartCode Solutions Support
|
|
|
|
|
Forum Guru
Group: Forum Members
Last Login: 9/22/2009 3:05:49 PM
Posts: 55,
Visits: 114
|
|
It means any copy of VNCmanager can decrypt the config file. I can get administrator access to any windows computer if I have physical access to it, regardless of how long or complex your password is in less than 5 minutes. Once I have access and passwords are stored in VNCmanager I can get into any machine remotely. Physical access would no longer be required. Since you are relying on the Windows login and any copy of VNCManager can decrypt the password you might as well not encrypt the passwords at all.
Please reconsider.
|
|
|
|
|
Supreme Being
Group: Administrators
Last Login: Yesterday @ 3:30:09 AM
Posts: 1,162,
Visits: 1,908
|
|
But lets say, if the config files were stored as encrypted EFS files? In this case even if you would get admin access to local computer, you would have to get the access to specific user account. Overwise you won't be able to read EFS encrypted files. And I would say if you were able to get access to the specific account, that's means that the user’s computer was seriously compromised. While having master password for config file would probably make the hackers task a bit harder, but most probably it won't stop him.
Kindest Regards,
SmartCode Solutions Support
|
|
|
|
|
Forum Guru
Group: Forum Members
Last Login: 9/22/2009 3:05:49 PM
Posts: 55,
Visits: 114
|
|
| EFS works but creating config backups etc requires additional effort / care to make sure they are protected. I wouldn't rely on everyone knowing about or using efs. In a large corporation I could easily make the case for disallowing your product just because it did store logins the way it does. There would be no way to enforce the use of efs or any other safe storage of config files and if it is possible to save passwords they will be saved. It would be a major security violation without password encryption. Assuming you want your program used in major corporations I would think this would be a very big selling point. It would be easy for a companies to use very long complex passwords for access to servers without the administrators needing to even know what the passwords were. A single master password unlocks the configuration file.
|
|
|
|
|
Supreme Being
Group: Administrators
Last Login: Yesterday @ 3:30:09 AM
Posts: 1,162,
Visits: 1,908
|
|
|
|
|
|
Forum Guru
Group: Forum Members
Last Login: 9/22/2009 3:05:49 PM
Posts: 55,
Visits: 114
|
|
| I hope it is you who wins. I can't tell you how much it means knowing that someone listens. Thanks you.
|
|
|
|
|
Supreme Being
Group: Administrators
Last Login: Yesterday @ 3:30:09 AM
Posts: 1,162,
Visits: 1,908
|
|
| We have started implementing the Master Password feature. I'm just posting couple of screenshot, so you could get an idea how the feature will appear to end-user. Password prompt at the VNC Manager start-up:
 Properties dialog:
Kindest Regards,
SmartCode Solutions Support
|
|