Re: no password gnome-keyring tip (OT)



On Sat, 2006-04-15 at 01:30 -0400, Jon Nettleton wrote: 
> No offense, but this is the worst, most insecure solution I have ever
> had to respond to.  To save yourself some time... you just want to have
> people put their password in a shell script in clear text.

Actually, it's not nearly as bad if you rig it correctly, because the
shell script itself could have permissions 700. It is somewhat insecure
in the sense that if a malicious program ran already logged on as you,
you could get the password, but for all intents and purposes this is
pretty null, because they've already got all the access that password
provides anyways, and if not, they have permissions to reset the
password.

That being said, I suspect there are more elegant solutions to this
problem.

-- 
Paul Betts <Paul Betts Gmail com>




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]