AutoHotkey Community

Knowbodynow · Joined: 26 Jun 2007 Posts: 37

Hello, if I use runas in a script then I need to include my user account name and password. If I compile this into an exe file how secure is it? For example, would it be possible for the file to get hacked in some way if I inadvertantly hit a bad website while browsing? My apologies if this is a daft question. I just switched to using a Limited User Account on Windows XP. Currently I'm rightclicking and using Runas from explorer but I'd like to automate some tasks and want to avoid manually entering a password each time.

Thanks,

CaH

BoBo² · Guest

Let the exe read the pw from an restricted area? So an attack would have to be done during its transmission. Good enough?

Knowbodynow · Joined: 26 Jun 2007 Posts: 37

Thanks for the reply - not sure I understand it! What I was thinking of doing was compiling an exe file containing my password. You seem to be suggesting accessing a file from a restricted area but what would that be C:\Program Files? Not sure how to create a restricted area or how to or why to pass a password to an exe file. What would i store the password in a text file. Sorry, I'm a complete beginner when it comes to this.

CaH

Sivvy · Posted: Fri Aug 08, 2008 1:51 pm Post subject:

First, search the forums for something called "Exe2Ahk". Your password is not safe in your exe.

Second, I think he means storing your password in something that has it's own password, or is hidden away. Problem is, you would need to have that extra info in your code, and if it's decompiled... Then people can go searching.

What I would really suggest is to have your program start with a single InputBox, that asks for your password. Enter your password once, and it saves to a variable for use everytime you need it. If you use this method, there is next to no chance for it to be put at risk. Win/Win. You only enter it once, it doesn't get found by others. Even if decompiled, the password only exists during "Run-Time", so they have no idea how to get at it.

Knowbodynow · Joined: 26 Jun 2007 Posts: 37

Thanks for the reply. I'll check out Exe2Ahk. This is an example of what I'm using at the moment. I amended something I found in the forum:

engunneer · Posted: Fri Aug 08, 2008 4:41 pm Post subject:

if you compile the exe with a password and a /nodecompile option, the password is pretty safe. There is no way to completely block the source code being read, but that will stop the casual browser.
_________________

Unless otherwise noted, all code is untested.
Common Answers: 1.(Loops, Viruses, etc.) 2. Search 3.RTFM

Knowbodynow · Joined: 26 Jun 2007 Posts: 37

Hi, how do I do that. Looking at the Ahk2Exe that I have there seems to be one box for entering a password or typing N/A. How do I do both?

CaH

engunneer · Posted: Sat Aug 09, 2008 4:37 am Post subject:

there are a few scripts in the S&F subforum for "Those who Compile" that give you full options without using the command line to compile.
_________________

Unless otherwise noted, all code is untested.
Common Answers: 1.(Loops, Viruses, etc.) 2. Search 3.RTFM