Re: Handling of empty secrets

On Sun, 2011-03-20 at 12:05 +0300, Andrey Borzenkov wrote:
> I try to sanitize handling of secrets in knetworkmanager. The main
> issue I face - what to do with empty secrets and are they allowed at
> all?
> Random checking of upstream VPN plugins seems to indicate, that empty
> secret is treated as missing secret. OTOH empty secret - while
> probably insecure - could be valid?
> So what are rules for handling of secrets in NM? Are empty secrets
> allowed and are they distinguished from missing secrets?

Empty secrets aren't allowed thusfar.  What situations do you need these
in?  I haven't come across any so far with the main four plugins...  But
also 0.9 has the concept of "secrets flags" and one of them is "not
required", which could be used to indicate that the secret is not
actually required.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]