|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] RE: [PATCH][Take 2] VNC authentification
> > Why even bother encrypting the password? We're using a well known DES > > key so there is no security here. A user must still take appropriate > > precautions to protect the config files. In fact, I think munging the > > password like this gives a false sense of security. > > Yeah, we really need to chmod 700 the /etc/xen directory to protect > the passwords. Once this is done, there isn't much to be gained > from encryption in the file itself except for obfuscating it from > the benign casual observer. Using plain text in the config file would > make life easier to tools too, because they won't have to carry about > this VNC-specific DES encryption routine just to create passwds in the > guest config Yep, let's change the permissions and use plain text passwords. No point giving people a false sense of security. Ian _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |