Someone can get read access to assp.cfg without write access.
The default umask is 022, which means files are created with 0644, so by default
they can read, not write.
An MD5 hash will help to protect sysadmins who have not checked their
permissions.
I know it is easier to chmod 0600 assp.cfg, but my opinion is to restrict
wherever possible.
On Jan 14, 2008 6:11 PM, Kevin <[EMAIL PROTECTED]> wrote:
> Roberto Berto wrote:
> > On Jan 14, 2008 3:00 PM, GrayHat <[EMAIL PROTECTED]> wrote:
> >
> >>> webAdminEncryptedPassword
> >> it's a nonsense; imVHo it would just suffice to use MD5 to generate
> >> a hash of the admin password and store the hash inside the config
> >> file in place of the plain text pwd; at any rate, if someone will be
> >> able to read your cfg file, then I suspect you'll have bigger problems
> >> than
> >> the plain text password one <g>
> >>
> >
> > I strongly disagree with you.
> >
> > My idea is to use MD5 at webAdminEncryptedPassword, and MD5 is better than
> > the actual plain text.
>
> It makes no difference if the password is plaintext or an MD5 hash once
> you have access to the file.
>
> What is to stop someone from simply deleting the existing MD5 hash and
> replacing it with their own?
>
> Kevin
>
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
>
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> _______________________________________________
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
--
Regards,
----------------------------------------------------------
Roberto Bertó
[EMAIL PROTECTED]
TeHospedo - website hosting - http://www.TeHospedo.com.br - 51 32277727
----------------------------------------------------------
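
The permission situation discussed in this thread, as an added example that is not part of the original messages and not ASSP's own code: a file created under umask 022 ends up 0644, so other local users can read it but not write it, and chmod 0600 removes both. The function names and the temporary assp.cfg path are assumptions made for illustration.

```python
import os
import stat
import tempfile


def create_with_umask(path, mask):
    """Create path under the given umask and return its permission bits.

    Assumption: the creating program requests mode 0666, the usual
    default for ordinary files, so umask 022 yields 0644.
    """
    old = os.umask(mask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
        os.close(fd)
    finally:
        os.umask(old)  # restore the caller's umask
    return stat.S_IMODE(os.stat(path).st_mode)


def exposure(mode):
    """Report what users other than the owner may do with these bits."""
    return {
        # read access discloses whatever is stored: plain text or hash
        "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        # write access lets the stored value be replaced
        "others_can_write": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
    }


def demo():
    """Run the scenario on a constructed file in a throwaway directory."""
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "assp.cfg")  # constructed sample, not a real config
        mode = create_with_umask(cfg, 0o022)
        before = exposure(mode)
        os.chmod(cfg, 0o600)  # the tightening mentioned in the thread
        after = exposure(stat.S_IMODE(os.stat(cfg).st_mode))
    return mode, before, after


if __name__ == "__main__":
    mode, before, after = demo()
    print(f"umask 022 -> {mode:04o} {before}")
    print(f"chmod 0600 -> {after}")
```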