>so if we were going to use them elsewhere, we wouldn't be able to
No - even such a encrypted file is also used in an unsecured config
parameter, assp will know that and will decrypt the content.
>1) When did encryption of external configuration files become the norm? I
hadn't noticed this before.
What are 'external configuration files'?
There was never a V2 released without encrypted config parameters!
>2) Is there a way to disable this option?
No.
Why?
>3) Curious, what's the point of encrypting these files? if someone has
access to the ASSP machine or file structure, encryption of these files
won't do much of anything would it?.
Encryped are all config parameters (and used files), if they may contain
passwords.
Encrypted config parameters are only visible to 'root' in the GUI
>(change PW in ASSP.cfg and look at
admin UI to see what's in the group file)
Changing 'webAdminPassword' outside the GUI or SNMP will destroy all
encrypted config parameters , hashes and database tables.
Thomas
Von: K Post <nntp.p...@gmail.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum: 21.10.2016 03:12
Betreff: [Assp-test] Files included in Group Config Encrypted?
Just noticed this:
Oct-20-16 20:52:17 Info: file c:/ASSP/IP-Lists/IPS-gmail.com.cfg is now
stored encrypted, because it is used in secured config Groups
We programatically generate several lists in IP-Lists that are used in
group definitions. It looks like they become re-encrypted after updating,
so if we were going to use them elsewhere, we wouldn't be able to. That's
okay, we can change the code that creates this lists.
I do have little questions though:
1) When did encryption of external configuration files become the norm? I
hadn't noticed this before.
2) Is there a way to disable this option?
3) Curious, what's the point of encrypting these files? if someone has
access to the ASSP machine or file structure, encryption of these files
won't do much of anything would it? (change PW in ASSP.cfg and look at
admin UI to see what's in the group file).
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
