Re: static gchar security
- From: "Jacob Perkins" <jap1 users sourceforge net>
- To: <gtk-app-devel-list gnome org>
- Cc: <desktop-devel-list gnome org>
- Subject: Re: static gchar security
- Date: Tue, 5 Nov 2002 11:45:22 -0600 (CST)
It's more of a conveniance function, I'd like to do something similar to
evolution's password caching with gpg. Also, the app won't be doing
password checking, only the caching, so I don't think I can use md5 since
it'd need to be a 2 way hash. Is there a way to secure this, or at least
obscure it?
It would be *very* insecure. Any root-level program could pick up that
password very easily just by examining /dev/kmem. Why would you want to
store that password for the life of a program anyway? It's standard
procedure for programs that accept passwords to forget them immediately
after receiving them and doing the authentication.
--Jason
On Tue, 2002-11-05 at 00:41, Jacob Perkins wrote:
How (in)secure would it be to have a static gchar that would save a
plaintext password? The gchar would start off null, but could later
contain a password, and is static for the life of the app. Is there a
better way to do this?
--
Jason A. Pfeil pfeil 10East com
Senior Open Systems Engineer http://www.10East.com
10East, Inc. (904)220-DOCS
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]