Re: static gchar security

From: "Jacob Perkins" <jap1 users sourceforge net>
To: <gtk-app-devel-list gnome org>
Cc: <desktop-devel-list gnome org>
Subject: Re: static gchar security
Date: Tue, 5 Nov 2002 11:45:22 -0600 (CST)

It's more of a conveniance function, I'd like to do something similar to
evolution's password caching with gpg.  Also, the app won't be doing
password checking, only the caching, so I don't think I can use md5 since
it'd need to be a 2 way hash.  Is there a way to secure this, or at least
obscure it?

> It would be *very* insecure.  Any root-level program could pick up that
> password very easily just by examining /dev/kmem.  Why would you want to
> store that password for the life of a program anyway?  It's standard
> procedure for programs that accept passwords to forget them immediately
> after receiving them and doing the authentication.
>
> --Jason
>
> On Tue, 2002-11-05 at 00:41, Jacob Perkins wrote:
>> How (in)secure would it be to have a static gchar that would save a
>> plaintext password?  The gchar would start off null, but could later
>> contain a password, and is static for the life of the app.  Is there a
>> better way to do this?
> --
> Jason A. Pfeil                        pfeil 10East com
> Senior Open Systems Engineer          http://www.10East.com
> 10East, Inc.                          (904)220-DOCS

Follow-Ups:
- Re: static gchar security
  - From: Jason A. Pfeil

References:
- static gchar security
  - From: Jacob Perkins
- Re: static gchar security
  - From: Jason A. Pfeil

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]