Using Script to deploy client ... is the "Admin" password safe?

rycej · April 30, 2015, 3:13pm

I just tried the Python script together with building an exe using CX_Freeze (https://urbackup.atlassian.net/wiki/display/US/Download+custom+client+installer+via+Python) and it seems to work fine.

My question is, is the Admin username and password, which has to be provided in the script, safe and out of site once the exe has been made?

Can someone “open up” the exe and then see the script with the Admin username and password?

Or is there any temp files kicking around on the computer after the install that would have the Admin user name and password?

Any thoughts would be welcomed.

Thank you, James.

uroni · May 3, 2015, 8:46pm

I would change the password afterwards. In the script comments there is also a minimal set of rights the user needs to create new internet clients and get the encryption key of the newly created client. Unfortunately this allows this user to read all encryption keys of all clients. I will change this to return the authentication key for the newly created client only, but that will be a new server version.

You can certainly extract the python code from the “frozen” exe.

rycej · May 4, 2015, 2:30pm

Thank you very much uroni for the quick reply and information!

James.