Mark's Windows Server Blog - All Comments

Howell Net The Home Network

Howell Net The Home Network — Wed, 03 Jun 2009 19:44:55 GMT

Pingback from Howell Net The Home Network

re: Core Configurator - download it whist you can…

ganotganot — Fri, 13 Mar 2009 14:47:26 GMT

Dear mark,

My name is Asaf Ganot and I work at Smart-X (Former employer of Guy Teverovsky)

Just wanted to state that the original CoreCFG tool was developed by me and Sharon Haris way before Guy's version. The original version was introduced in Microsoft's TechEd 2008 in Israel by Sharon Haris. The publication of the mid-version made by Guy was a mistake that was corrected shortly after.

Anyway, since Guy's version we added many features to the tool and it can be downloaded at www.smart-x.com

Sincerely,

Asaf Ganot.

re: How Windows PowerShell exposes passwords in clear text

markwilson — Thu, 23 Aug 2007 18:23:04 GMT

Since I wrote the original blog post on this subject, it's been pointed out to me that get-credential doesn't actually store the credentials as clear text - get-member shows that the method is actually a secure string.

My point is that, regardless of how the credential is stored, it can be retrieved in a human-readable form. I shouldn’t ever be able to say “what is the password?” and read it - what I should be able to say is, “does this hash (based on what I think the password is) match the stored hash for the password?” - that’s something very different (and far more secure in my view).

Whether this is actually a bug is questionable (it probably is by design) - unfortunately the only other type of feedback that I can submit to Microsoft is a suggestion - maybe I should “suggest” that this is a poor way in which to handle user credentials and other sensitive data.

Mark