[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] RE: [PATCH][Take 2] VNC authentification


Thanks all,

I will marshal code about the password from config file.
(It doesn't use base64 decode and DES decrypt to the password of
 config file)

And, I think that chmod 600 is necessary also for /var/log/xend.log.

Masami Watanabe

On Mon, 2 Oct 2006 20:15:13 +0100, Ian Pratt wrote:
> > > Why even bother encrypting the password?  We're using a well known
> > > key so there is no security here.  A user must still take
> appropriate
> > > precautions to protect the config files.  In fact, I think munging
> the
> > > password like this gives a false sense of security.
> > 
> > Yeah, we really need to chmod 700 the /etc/xen directory to protect
> > the passwords.  Once this is done, there isn't much to be gained
> > from encryption in the file itself except for obfuscating it from
> > the benign casual observer. Using plain text in the config file would
> > make life easier to tools too, because they won't have to carry about
> > this VNC-specific DES encryption routine just to create passwds in the
> > guest config
> Yep, let's change the permissions and use plain text passwords. No point
> giving people a false sense of security.
> Ian

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.