Hello,
I'm not sure if I've posted this in the right thread, but here's my problem:
To install certain packages, you can add parameters like passwords (this is the case, for example, with VNC => http://wapt.tranquil.it/wapt/tis-vncres ... 1_all.wapt ).
The major problem is that the package is downloadable by regular users, who can unzip it and see the setup.py file containing the password.
Adding an .htaccess file to the repository (https://wiki.lesfourmisduweb.org/index. ... t_de_passe) only adds another step, because the c:/wapt/wapt-get.ini file is still readable by the user, or at least by someone on an administered machine.
The problem is the same for software with license keys.
Have you ever encountered these problems, and how did you solve them (if a solution exists)?
Thank you,
Grima
package with password to initialize (or license key)
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
This is indeed an unresolved issue. 
Here's an idea:
You could encrypt your license key within the package. The data in the package would then be unusable.
Once the package is downloaded by the WAPT client, the license key can be decrypted with a decryption key stored locally on the machine but inaccessible to the user. (See how to store the key in a folder protected by ACLs.)
This way, the user cannot retrieve the license.
However, there's a problem if the decryption key is stolen.
Other solutions might be worth exploring; I'm not an expert in this area.
Here's an idea:
You could encrypt your license key within the package. The data in the package would then be unusable.
Once the package is downloaded by the WAPT client, the license key can be decrypted with a decryption key stored locally on the machine but inaccessible to the user. (See how to store the key in a folder protected by ACLs.)
This way, the user cannot retrieve the license.
However, there's a problem if the decryption key is stolen.
Other solutions might be worth exploring; I'm not an expert in this area.