I am only suggesting the development machine have passwords in the
environment. Never should a users machine be trusted to have secure stuff in
an environment variable. Is all this gives you is the ability on your
development machine is to avoid having to put development mode passwords
right in the source code itself.

If there is a trojan on your development machine then you are pretty much
hosed.

Jason Wharton
CPS - Mesa AZ
http://www.ibobjects.com

----- Original Message -----
From: "Geoff Worboys" <geoff@...>
To: <IBObjects@yahoogroups.com>
Sent: Wednesday, August 08, 2001 5:55 PM
Subject: Re: [IBO] Survey: TIB_Connection and Passwords


> > As a factor of consideration, please remember in IBO I
> > respect the environment variables you have set on your
> > development machine for the default username and password.
>
> This is OK where security does not matter in any way. That you really
> dont care who gets the password - or that the machine has no
> connections to the outside world.
>
> Bear in mind that the anything stored in the system environment is
> available to ANY PROCESS. Should you be unlucky enough to be infected
> with a Trojan then the environment is there for all to see.
>
> Of course, if you are infected with a Trojan, then your problems dont
> end there. It could be monitoring your keyboard input so trying to
> encrypt your passwords becomes a total waste of time anyway :-(
>
> As a word of caution. Many installations setup their passwords using
> a theme. I remember the place where I used to work, every month when
> it was time to change all the passwords on the various equipment we
> would sit together and have a lot of fun coming up with new passwords
> and we almost always ended up following the same theme for all (greek
> mythology, star trek etc). If you operate along such a basis and you
> become infected with a Trojan - remember to change ALL your passwords
> and not just those on the infected machine.
>
>
> Geoff Worboys
> Telesis Computing