[ashiso <[email protected]> (2013-01-09 20:24:17 UTC)] > > If you want better security, you could keep the username and password > > only in the memory of a long running daemon process. That way, at > > least someone may need to read the virual memory of that process in > > order to get the password, not that this is incredibly hard either. > > > > Hm. Is it really so easy to get the password out of a node process which is > not owned by your user? I hope not! :-)
No, only if you're root or can get access as your user. Which only means you need to trust the sysadmins of the machine running your server. And if you don't, you're probably screwed anyhow. But note that this discussion is based on the premise that others can read your files. If you can get the required protection from a simple chmod, why are we having this discussion in the first place? - Harald -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
