On 1/31/2015 6:25 PM, Kent Borg wrote:
> Daemons, written in Python, on a machine I fully control.

If you fully control it then you don't need authentication.


> Because this is only used to communicate within the machine, no one
> else cares whether it changes. A file with narrow permissions is
> safer than trusting "localhost" restrictions.

Not really. For example, attacker exploits a vulnerability to briefly acquire root shell access. Attacker uses this to do two things: read the password and run "chattr +i ${file}". Now your attacker has the current password and has taken a step to prevent it from being changed.

--
Rich P.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
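
As an added example (not code from this thread), a check a Python daemon could run at startup on its shared-secret file, covering both points raised above: that the permissions really are narrow, and that nobody has set the immutable flag with `chattr +i`. The function names and finding labels are hypothetical, and the ioctl number assumes the common Linux encoding used on x86 and ARM.

```python
import fcntl
import os
import stat
import struct
import tempfile

# Linux FS_IOC_GETFLAGS = _IOR('f', 1, long). Assumption: the common ioctl
# encoding (x86, ARM); a few architectures use different direction bits.
FS_IOC_GETFLAGS = (2 << 30) | (struct.calcsize("l") << 16) | (ord("f") << 8) | 1
FS_IMMUTABLE_FL = 0x00000010  # inode flag set by "chattr +i"


def is_immutable(path):
    """Return True/False for the immutable flag, or None if the
    filesystem or platform cannot report inode flags."""
    fd = os.open(path, os.O_RDONLY)
    try:
        raw = fcntl.ioctl(fd, FS_IOC_GETFLAGS, bytes(struct.calcsize("l")))
    except OSError:
        return None
    finally:
        os.close(fd)
    # The kernel writes a 32-bit flag word at the start of the buffer.
    return bool(struct.unpack("I", raw[:4])[0] & FS_IMMUTABLE_FL)


def audit_secret_file(path, expected_uid):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        findings.append("owner")       # not owned by the daemon's account
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.append("mode")        # readable or writable by group/other
    if is_immutable(path):
        findings.append("immutable")   # the secret can no longer be rotated
    return findings


if __name__ == "__main__":
    # Constructed sample: a throwaway file standing in for the secret.
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"constructed-sample-secret\n")
    os.chmod(f.name, 0o640)
    print(audit_secret_file(f.name, os.getuid()))
    os.unlink(f.name)
```

A finding of "immutable" on a file the daemon expects to rewrite is worth alerting on, since it is set only by root or a process with CAP_LINUX_IMMUTABLE.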
