Re: Plain text passwords--necessary

From: Francisco M. Marzoa Alonso (fmmarzoaat_private)
Date: Fri Apr 16 1999 - 01:51:56 PDT


    Well, I don't think so... different points of view are cool but in this
    case... Recently I sent a message about "plain text password" on Real
    Media server for administrator purposes. The fact is that the password was
    stored in plain text in the system to be administrated, not in a remote
    one. IMHO this is stupid, we are speaking about a UNIX system, the program
    could create a new user with his new password well stored in /etc/passwd
    (or /etc/shadow)... well... I mean in the standard manner, and use the
    corresponding standard functions in order to do the authentication of the
    user who logs in there remotely.
    
    Out of this case, as you say if you want to connect to a remote system
    several times, your local system must have the required password(s) stored
    in plain text somewhere. Well, I have my ~/.fetchmailrc with a pair of
    passwords of two accounts written in that way, but in this case fetchmail
    (at least my version) advises you if you put wrong rights on
    .fetchmailrc which allow other users to read the content, so security is
    guaranteed through the standard security of the system on which fetchmail
    runs. Anyway, if security were critical on my system, probably I could be
    a bit paranoid and could type my password every time I want to
    download mail.
    
    To end, you say there are situations in which the password should be
    stored in the system in plain text format? Well... I don't know of any
    (but temporary situations) in which that must be necessary but, with all, if
    there's no other way to store it, please, the installation system could
    be a bit clever and, at least, put correct permissions on the file in which
    the password is stored or, at least, at least, at least, when the program
    runs for the first time say "hey you! those file permissions are wrong!"
    
    Ahm! and avoid these stupid crypt algorithms. ;->
    
    Have a good one!
    
    Excuse my poor English. I'm on the way to improving it... hehehe...
    
    --
    Francisco M. Marzoa Alonso
    http://club.idecnet.com/~fmmarzoa
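
The startup check the message asks for, sketched in C as an added example; it is not part of the original post and is not fetchmail's code. The function and enum names are hypothetical, and the policy (regular file, owned by the expected uid, no group or other permission bits, no symlink) is an assumption of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes; all names here belong to this example. */
enum secret_check {
    SECRET_OK = 0,
    SECRET_OPEN_FAILED, /* missing, unreadable, or a symlink */
    SECRET_NOT_REGULAR, /* directory, FIFO, device ... */
    SECRET_WRONG_OWNER, /* not owned by the expected uid */
    SECRET_TOO_OPEN     /* some group/other permission bit is set */
};

/* Open the password file and validate the descriptor that will be read.
 * fstat() on the fd, not stat() on the path, so the file checked is the
 * file read. On SECRET_OK *fd_out is the open descriptor, otherwise -1. */
enum secret_check open_secret_file(const char *path, uid_t owner, int *fd_out)
{
    struct stat st;
    enum secret_check rc = SECRET_OK;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    *fd_out = -1;
    if (fd < 0)
        return SECRET_OPEN_FAILED;
    if (fstat(fd, &st) != 0)
        rc = SECRET_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = SECRET_NOT_REGULAR;
    else if (st.st_uid != owner)
        rc = SECRET_WRONG_OWNER;
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = SECRET_TOO_OPEN;
    if (rc == SECRET_OK)
        *fd_out = fd;
    else
        close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    int fd;
    const char *path = argc > 1 ? argv[1] : ".fetchmailrc";
    enum secret_check rc = open_secret_file(path, getuid(), &fd);
    if (rc != SECRET_OK)
        fprintf(stderr, "refusing to use %s (reason %d)\n", path, rc);
    return rc;
}
```

An installer would pair this with creating the file as `open(path, O_CREAT | O_EXCL | O_WRONLY, 0600)`, so the file never exists with wider permissions.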
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:38 PDT