Batch File Password

January 4, 2009 at 13:27:21
Specs: Windows XP Pro SP2, AMD Semptron - 1.5gb RAM
Hi, i'm making a batch file where the user
enters a password. Instead of the password
intergrated inside the batch file, I need it
to be saved on a seperate file, like pwd.txt.
How would you make the batch file read it and
see if it has the same text as the user has
inputted?

See More: Batch File Password

Report •


#1
January 4, 2009 at 14:31:03
First create pwd.txt and give it the Hidden and ReadOnly attributes for safety reasons.

echo.MyPassword>pwd.txt
attrib pwd.txt +R +H

Then to read the stealth password and compare with the one typed

set /P PWD=<pwd.txt
set /P USER=Enter Password^>
if "%USER%"=="%PWD%" (goto :OK) else (goto :ERROR)

That however allows the password to be stolen while the user is typing it on the screen.

Report •

#2
January 4, 2009 at 19:51:21
Security through obscurity is no security all.

Passwords used in batch files, even if they are stored in a hidden text file, is IMO completely worthless. My 10 year old nephew knows how to access a "hidden" text file to get the password that is stored in it.

If you really need to use password authentication, then use a language that doesn't store the password in a plain text file and you should store them encrypted.


Report •

#3
January 5, 2009 at 10:31:34
i'm facing the same problem here.
what's the better way to store plain password? i'm thinking of storing it in registry, but dont have a clue to do it. at least it stop the average computer user to look at my data.

Report •

Related Solutions

#4
January 5, 2009 at 11:36:37
Putting the passwords in the registry is 1 step above a plain text file, but still not very secure.

Here's an example on using regedit in a batch file, but I'm sure IVO can come up with a better example.
http://www.robvanderwoude.com/reged...

A better option would be to store encrypted passwords in a database, such as mysql, and use a scripting language like Perl or Python, or one of the VB variants.


Report •


Ask Question