[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] RE: [PATCH][Take 2] VNC authentification

> > Why even bother encrypting the password?  We're using a well known
> > key so there is no security here.  A user must still take
> > precautions to protect the config files.  In fact, I think munging
> > password like this gives a false sense of security.
> Yeah, we really need to chmod 700 the /etc/xen directory to protect
> the passwords.  Once this is done, there isn't much to be gained
> from encryption in the file itself except for obfuscating it from
> the benign casual observer. Using plain text in the config file would
> make life easier to tools too, because they won't have to carry about
> this VNC-specific DES encryption routine just to create passwds in the
> guest config

Yep, let's change the permissions and use plain text passwords. No point
giving people a false sense of security.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.