WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] RE: [PATCH][Take 2] VNC authentification

To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>, "Anthony Liguori" <aliguori@xxxxxxxxxx>
Subject: [Xen-devel] RE: [PATCH][Take 2] VNC authentification
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Mon, 2 Oct 2006 20:15:13 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>
Delivery-date: Mon, 02 Oct 2006 12:16:44 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <3AAA99889D105740BE010EB6D5A5A3B202A3D2@xxxxxxxxxxxxxxxxxxxxxxxxxx> <JX200609291747343.1765484@xxxxxxxxxxxxxx> <20060929221145.GE8564@xxxxxxxxxx> <JH200610010353334.2150046@xxxxxxxxxxxxxx> <20061002162232.GB1730@xxxxxxxxxx> <45214B54.8060805@xxxxxxxxxx> <20061002181231.GC1730@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcbmTlxXs7+amxFQRBWCGtnwXGooowACISig
Thread-topic: [PATCH][Take 2] VNC authentification
> > Why even bother encrypting the password?  We're using a well known
DES
> > key so there is no security here.  A user must still take
appropriate
> > precautions to protect the config files.  In fact, I think munging
the
> > password like this gives a false sense of security.
> 
> Yeah, we really need to chmod 700 the /etc/xen directory to protect
> the passwords.  Once this is done, there isn't much to be gained
> from encryption in the file itself except for obfuscating it from
> the benign casual observer. Using plain text in the config file would
> make life easier to tools too, because they won't have to carry about
> this VNC-specific DES encryption routine just to create passwds in the
> guest config

Yep, let's change the permissions and use plain text passwords. No point
giving people a false sense of security.

Ian

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel