Re: no password gnome-keyring tip (OT)

From: Paul Betts <paul betts gmail com>
To: Jon Nettleton <jon nettleton gmail com>
Cc: networkmanager-list gnome org
Subject: Re: no password gnome-keyring tip (OT)
Date: Sat, 15 Apr 2006 19:30:56 -0400

On Sat, 2006-04-15 at 01:30 -0400, Jon Nettleton wrote: 
> No offense, but this is the worst, most insecure solution I have ever
> had to respond to.  To save yourself some time... you just want to have
> people put their password in a shell script in clear text.

Actually, it's not nearly as bad if you rig it correctly, because the
shell script itself could have permissions 700. It is somewhat insecure
in the sense that if a malicious program ran already logged on as you,
you could get the password, but for all intents and purposes this is
pretty null, because they've already got all the access that password
provides anyways, and if not, they have permissions to reset the
password.

That being said, I suspect there are more elegant solutions to this
problem.

-- 
Paul Betts <Paul Betts Gmail com>

References:
- no password gnome-keyring tip (OT)
  - From: Eli Criffield
- Re: no password gnome-keyring tip (OT)
  - From: Jon Nettleton

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]