> > machine-id is a secret that is machine unique. unless an outsider has > local access to the machine, this should remain a secret. moreover, by > salting it with something else (e.g., $0 [or, perhaps, the local users' > encrypted password), even if the machine-id were leaked, it would not leak > further. I am using > > my $midf= (-e "/usr/local/var/lib/dbus/machine-id") ? > "/usr/local/var/lib/dbus/machine-id" : "/etc/machine-id"; > app->secrets(md5_base64($midf.$0)); > > I am presuming that this is good enough practice. >
Platform specific security relevant code, that will be pretty hard to test and explain to our users. What could possibly go wrong? :) -- sebastian -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/d/optout.
