Re: making smb remember passwords

Sorry, just started looking at this stuff.. seems like theres a lot more
involved than I thought originally.
> 	Gconf keys are persisted to disk unpredictably; and one should never
> persist a password to disk; even passing it around freely between apps
> is risky IMHO.

Well.. most people have their rsa private keys in their home directory.
You could say thats worse than storing passwords ;-)

When I took a class with Ed felten, he use to say that security means
nothing if you don't have physical security (meaning that any kind of
encryption/password blah is pointless if someone can watch you type on
your keyboard or hack your server by swapping its hard drive.)

I think one way is to be paranoid and say "never write your passwords down"
and on the other end, "write every password down so you never have to
type it twice." Maybe gnome needs a general policy towards security.. but I
don't think it would be that bad to store passwords in some manner. The benefit
it seems to me far outweight the costs or risks.

If you've got someone sitting at your computer and taking advantage of your cached
passwords.. then well, you've got a much bigger problem altogether ;-)

It'd be nice though, if there was a switch somewhere that said "never store passwords"

> 	gnome-vfs isn't at the application level ;-) the daemon would hide all
> of that; except the application will still need to provide
> authentication input hooks.

right. ok, thats what i figured.
> 	There is no UI part of gnome-vfs; quite why we can't put this
> functionality into libgnomeui I have no idea - it probably has more to
> do with broken political ideologies ("libgnomeui must die") rather than
> pragmatic sanity. You're certainly right though - libgnomeui, or
> libbonoboui should provide a default password / auth dialog that the
> user doesn't need to care about.

time to go read about libgnomeui... (sorry) 


"If only God were alive to see this.. "  -Homer Simpson

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]