On Fri, Oct 21, 2011 at 12:08 PM, Olaf van der Spek <[email protected]> wrote:
> On Fri, Oct 21, 2011 at 11:02 AM, Henrik Ingo <[email protected]> wrote:
>> My proposed configuration is safe and useful for localhost (ie
>> developer desktop).
>
> For localhost, we should support peercred auth via unix domain
> sockets. I was supposed to implement that during GSoC, but that was
> the only part I didn't manage to do.

But is this something that will just work by default? Do you have good links?

>>> So you're saying that storing system account passwords in plaintext
>>> files is a good idea?
>>
>> No, that's what auth-file does. That is bad.
>>
>> In auth_pam your password will typically be in /etc/shadow in the
>> hashed format as it is now already. The problem is that it is sent
>> over the wire in plaintext. This is similar to how you would login
>> with telnet.
>
> So where does that plaintext password come from? Typically it's stored
> in a conf file (of the client app).

I'm thinking more of the use case where you use the drizzle client app
and type in the password. Either way, in all use cases I know of the
password is input to the client in plain text format anyway. How to
store that securely in an app is a different problem - all the ones
I've seen just store it in plaintext in a file, including well known
PHP apps like Drupal.

>> So what I'm proposing is secure on localhost (very friendly for
>> developers and anyone testing drizzle), and would be completely secure
>> if SSL was supported and perhaps even enforced in a default
>> configuration.
>
> SSL isn't completely secure, especially due to the situation with certs.

And you are suggesting instead?

henrik

--
[email protected]
+358-40-8211286
skype: henrik.ingo
irc: hingo
www.openlife.cc

My LinkedIn profile: http://www.linkedin.com/profile/view?id=9522559

_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help   : https://help.launchpad.net/ListHelp
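The peercred authentication over Unix domain sockets mentioned in the quoted reply, as an added example that is not part of the original message and is not Drizzle code: on Linux the server asks the kernel for the connecting process's uid with SO_PEERCRED, so no password crosses the socket at all. The function names and the `uid_to_account` mapping are assumptions made for illustration.

```python
import os
import socket
import struct

# Linux layout of struct ucred: pid_t pid, uid_t uid, gid_t gid.
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end of a Unix socket.

    The values are filled in by the kernel when the connection is made,
    so the client cannot choose or forge them.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def authenticate(conn, uid_to_account):
    """Map the kernel-reported uid to a database account, or return None.

    uid_to_account is a hypothetical server-side table, e.g. {1000: "henrik"}.
    No password is read from the connection.
    """
    if conn.family != socket.AF_UNIX:
        # TCP connections carry no peer credentials; they need another
        # plugin (and transport encryption if a password is sent).
        return None
    _pid, uid, _gid = peer_credentials(conn)
    return uid_to_account.get(uid)  # unknown uid: deny by default


def demo():
    # socketpair() stands in for the server's accept() and the client's
    # connect() on a socket file; both ends belong to this process.
    server_side, client_side = socket.socketpair(socket.AF_UNIX,
                                                 socket.SOCK_STREAM)
    try:
        table = {os.geteuid(): "local_dev"}  # constructed sample mapping
        return authenticate(server_side, table), authenticate(server_side, {})
    finally:
        server_side.close()
        client_side.close()


if __name__ == "__main__":
    print(demo())
```

With a real listening socket, access is additionally limited by the file permissions on the socket path, and the check applies only to local clients.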

