machine-id is a secret that is machine unique. unless an outsider has local access to the machine, this should remain a secret. moreover, by salting it with something else (e.g., $0 [or, perhaps, the local users' encrypted password), even if the machine-id were leaked, it would not leak further. I am using
my $midf= (-e "/usr/local/var/lib/dbus/machine-id") ? "/usr/local/var/lib/dbus/machine-id" : "/etc/machine-id"; app->secrets(md5_base64($midf.$0)); I am presuming that this is good enough practice. /iaw ---- Ivo Welch ([email protected]) http://www.ivo-welch.info/ J. Fred Weston Distinguished Professor of Finance Anderson School at UCLA, C524 Free Finance Textbook, http://book.ivo-welch.info/ Exec Editor, Critical Finance Review, http://www.critical-finance-review.org/ Editor and Publisher, FAMe, http://www.fame-jagazine.com/ On Mon, Apr 17, 2017 at 1:31 PM, Dan Book <[email protected]> wrote: > Any default would be insecure in some way. It must be set by the user to > some secret to avoid being guessable. > > On Mon, Apr 17, 2017 at 2:21 PM, iaw4 <[email protected]> wrote: > >> >> suggestion? >> >> would it make sense to set the passphrase to "moniker" encoded with the >> machine-id as the default, rather than stating the warning message? is >> there a reason why this is not a good idea? I see linux and osx have >> machine-id. I am not sure about other OS's. >> >> of course, I can change it myself. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Mojolicious" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at https://groups.google.com/group/mojolicious. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Mojolicious" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/mojolicious/qYXR_IYFTUo/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/mojolicious. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/d/optout.
