You are right, but remember, locks are for honest people. Just compiling should do the trick for most of the users-argv
True - I just wanted to point out that there's no way to
ultimately secure the thing
Depending on
what the password is for, and
where the script might be lying around, this could prove to be a problem or not. Bank or remote system credentials? Oops! For something that's not critical enough that you can live with the password being snooped by somebody very determined, but still critical enough that you don't want people to snoop it, I'd suggest a two-stage approach:
1) keep an encryption key in the Windows protected storage - this key is only available when you're logged in to the system (which
does also mean, though, that if as soon as you're logged in, the key could be stolen by malware or while you're away from the computer).
2) have the password in the script encrypted by the key from part #1.
This way, you could even leave your script uncompiled, as nobody would be able to use it without the key in the Protected Storage. You're still vulnerable to sniffing and all that, but at least you've removed a fairly large attack vector.