WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] RE: [PATCH][Take 2] VNC authentification

from [Masami Watanabe] [Permanent Link][Original]
To: Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>, "Daniel P. Berrange" <berrange@xxxxxxxxxx>, Anthony Liguori <aliguori@xxxxxxxxxx>
Subject: [Xen-devel] RE: [PATCH][Take 2] VNC authentification
From: Masami Watanabe <masami.watanabe@xxxxxxxxxxxxxx>
Date: Tue, 03 Oct 2006 11:04:21 +0900
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, masami.watanabe@xxxxxxxxxxxxxx
Delivery-date: Mon, 02 Oct 2006 19:01:39 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <3AAA99889D105740BE010EB6D5A5A3B202A4F0@xxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <3AAA99889D105740BE010EB6D5A5A3B202A3D2@xxxxxxxxxxxxxxxxxxxxxxxxxx> <JX200609291747343.1765484@xxxxxxxxxxxxxx> <20060929221145.GE8564@xxxxxxxxxx> <JH200610010353334.2150046@xxxxxxxxxxxxxx> <20061002162232.GB1730@xxxxxxxxxx> <45214B54.8060805@xxxxxxxxxx> <20061002181231.GC1730@xxxxxxxxxx> <3AAA99889D105740BE010EB6D5A5A3B202A4F0@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Hi,

Thanks all,

I will marshal code about the password from config file.
(It doesn't use base64 decode and DES decrypt to the password of
 config file)

And, I think that chmod 600 is necessary also for /var/log/xend.log.

Regards,
Masami Watanabe


On Mon, 2 Oct 2006 20:15:13 +0100, Ian Pratt wrote:
> > > Why even bother encrypting the password?  We're using a well known
> DES
> > > key so there is no security here.  A user must still take
> appropriate
> > > precautions to protect the config files.  In fact, I think munging
> the
> > > password like this gives a false sense of security.
> > 
> > Yeah, we really need to chmod 700 the /etc/xen directory to protect
> > the passwords.  Once this is done, there isn't much to be gained
> > from encryption in the file itself except for obfuscating it from
> > the benign casual observer. Using plain text in the config file would
> > make life easier to tools too, because they won't have to carry about
> > this VNC-specific DES encryption routine just to create passwds in the
> > guest config
> 
> Yep, let's change the permissions and use plain text passwords. No point
> giving people a false sense of security.
> 
> Ian


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] [PATCH] add RDMSR/WRMSR instruction emulationtoVMXAssist decoder, Li, Xin B
Next by Date:  [Xen-devel] [IMPORTANT BUGFIX][ACM][XM] FIX essential security check in block-attach / indentation problem introduced in change set changeset 11572, Reiner Sailer
Previous by Thread:  [Xen-devel] RE: [PATCH][Take 2] VNC authentification, Ian Pratt
Next by Thread:  [Xen-devel] [PATCH][Take 3] VNC authentification, Masami Watanabe
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy