> As a factor of consideration, please remember in IBO I
> respect the environment variables you have set on your
> development machine for the default username and password.

This is OK where security does not matter in any way. That you really
dont care who gets the password - or that the machine has no
connections to the outside world.

Bear in mind that the anything stored in the system environment is
available to ANY PROCESS. Should you be unlucky enough to be infected
with a Trojan then the environment is there for all to see.

Of course, if you are infected with a Trojan, then your problems dont
end there. It could be monitoring your keyboard input so trying to
encrypt your passwords becomes a total waste of time anyway :-(

As a word of caution. Many installations setup their passwords using
a theme. I remember the place where I used to work, every month when
it was time to change all the passwords on the various equipment we
would sit together and have a lot of fun coming up with new passwords
and we almost always ended up following the same theme for all (greek
mythology, star trek etc). If you operate along such a basis and you
become infected with a Trojan - remember to change ALL your passwords
and not just those on the infected machine.


Geoff Worboys
Telesis Computing