List: kmail-devel
Subject: Re: Saving of passwords (Was: Security status)
From: Waldo Bastian <bastian () suse ! de>
Date: 2000-02-07 12:37:49
On Mon, 07 Feb 2000, George Staikos wrote:
> > > Not to mention that most of them will be using POP3 and sending
> > > their password cleartext over the network anyways.
> >
> > That is no reason to create additional security weaknesses.
>
> We aren't creating an additional security weakness though. I don't
> see it being any more or less secure by putting it in a different
> file. Just more of a pain.
By pulling sensitive data out of the config file and into a separate
file it is easier to give this file the right permissions.
> > > We're just adding
> > > more security through obscurity, really.
> >
> > Scrambling the password to make it "non-plaintext" falls in the
> > category "security through obscurity". Ensuring correct
> > file-permissions on sensitive data is a sane way to build a secure
> > system.
>
> Correct and this should be on the home directory and the .kde
> directory.
Bullshit. Not everything in my home / .kde directory needs to be
inaccessible just because a mail-program is too lazy to set correct
file-permissions.
That's like setting /etc to 0700 because you don't want to set
/etc/shadow to 0600.
Cheers,
Waldo
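
An added example, not part of the original message and not KMail's code: one way to keep a password in its own file created with mode 0600 while the directory and the main config stay readable, and to refuse the file if its permissions have become too open. The file names, host, user and password are constructed for illustration.

```python
import os
import stat
import tempfile

SECRET_MODE = 0o600  # owner read/write only, as with /etc/shadow in the message

def write_secret(path, secret):
    """Write the secret to its own file; it never exists with a looser mode."""
    tmp = path + ".tmp"
    # O_EXCL refuses a pre-existing file; the mode is applied at creation time.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, SECRET_MODE)
    try:
        os.fchmod(fd, SECRET_MODE)  # exact mode even under an unusual umask
        os.write(fd, secret.encode())
    finally:
        os.close(fd)
    os.replace(tmp, path)  # atomic rename over any previous secret file

def read_secret(path):
    """Return the secret, refusing a file that group or others can access."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # check the opened file, not the path (avoids a race)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
            raise PermissionError(f"{path}: not a regular file owned by this user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} too open")
        return os.read(fd, 4096).decode()
    finally:
        os.close(fd)

def demo():
    """Constructed layout: readable directory and config, private secret file."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)  # the directory itself is not locked down
        cfg, sec = os.path.join(d, "mailrc"), os.path.join(d, "mail-secrets")
        with open(cfg, "w") as f:  # hypothetical config without the password
            f.write("[Account]\nhost=pop.example.org\nuser=alice\n")
        os.chmod(cfg, 0o644)
        write_secret(sec, "constructed-sample-password")
        result = {"config_mode": stat.S_IMODE(os.stat(cfg).st_mode),
                  "secret_mode": stat.S_IMODE(os.stat(sec).st_mode),
                  "secret": read_secret(sec), "loose_rejected": False}
        os.chmod(sec, 0o644)  # simulate the permissions mistake
        try:
            read_secret(sec)
        except PermissionError:
            result["loose_rejected"] = True
        return result
```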