On 20/02/14 10:36, Radomir Dopieralski wrote:
On 20/02/14 11:21, Dougal Matthews wrote:
If we do store passwords however, I wonder if we are
best to encrypt everything to be safe. The overhead shouldn't be that
big and it may be better than special casing the "NoEcho" values.
I think that before we start encrypting everything, we need to ask
ourselves the question about system boundaries and about what we are
protecting from what. Otherwise we will end up with ridiculous things
like encrypting the passwords and storing the decryption key right in
the same place. In other words, this has to be designed.
Absolutely. I couldn't agree more and hope I didn't suggest otherwise :)
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
