On Sun, 27 Dec 2009, Marc Weber wrote:
Pierron, Michael: Thank you for your feedback.
The solution writing a file would be a hack. It could be made more
secure by allowing writing to a specific directory only.
But it would break many things such as prebuilding system derivations
(which is used by live-cds)..
Can we think about constraints we require to let builders write passwords into
the store?
Perhaps a dumb question, but why not just store salted hashed passwords?
Then who cares if it ends up world readable?
--
Russell O'Connor <http://r6.ca/>
``All talk about `theft,''' the general counsel of the American Graphophone
Company wrote, ``is the merest claptrap, for there exists no property in
ideas musical, literary or artistic, except as defined by statute.''
_______________________________________________
nix-dev mailing list
[email protected]
https://mail.cs.uu.nl/mailman/listinfo/nix-dev
