On 15 June 2014 09:19, John Mark Vandenberg <[email protected]> wrote:
> We have four sets of cleartext passwords (http & proxy & db), and secrets
> such as various API keys and mw cookies and edit tokens.
>
> The passwords are stored in two files in clear text (user-config.py and
> passwd). Other secrets are in cached api files, etc.
> I would like to introduce an optional dependency on a library to manage
> (some of?) these secrets. The current secret storage would continue to work
> correctly.
>
> The keyring package is the obvious candidate. Any objections or
> improvements on that?
>

I'm not completely sure how that would work -- I see how it could work as an alternative to ~/.pywikibot, but it might be problematic for people with multiple checkouts for different usernames/bots.

In addition, I'm afraid this might make the credential storage fairly opaque: you'd need to run some script to set the password, instead of just editing a config file.

What's the major advantage over a file with 600 permissions? Will it prevent local administrators from accessing the password? (they could also just sniff the password from the network traffic...)

One last point: I think cached api files should *not* store passwords. The exception is the tests, which cache everything to make sure tests run reasonably fast.

Merlijn
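As an added example (not part of the original thread and not Pywikibot's own code): if secrets stay in a file with 600 permissions, as the reply suggests, the loader can enforce that assumption instead of trusting it. `read_private_file` and `InsecureSecretsFile` are hypothetical names, the file contents are constructed, and a POSIX system is assumed.

```python
import os
import stat
import tempfile


class InsecureSecretsFile(Exception):
    """Raised when a secrets file could be read or written by other users."""


def read_private_file(path):
    """Return the text of `path` only if it is a regular file, owned by the
    current user, with no group/other permission bits (e.g. mode 600)."""
    # O_NOFOLLOW: refuse a symlink planted in place of the file.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        # fstat the open descriptor, not the path, so the file that was
        # checked is the file that gets read (no check-then-open race).
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise InsecureSecretsFile(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise InsecureSecretsFile(f"{path}: owned by uid {st.st_uid}")
        extra = stat.S_IMODE(st.st_mode) & 0o077
        if extra:
            raise InsecureSecretsFile(
                f"{path}: mode {stat.S_IMODE(st.st_mode):o} grants group/other access")
        with os.fdopen(fd, "r", encoding="utf-8") as handle:
            fd = None  # handle now owns the descriptor
            return handle.read()
    finally:
        if fd is not None:
            os.close(fd)


def demo():
    """Constructed sample: a throwaway secrets file, first 644, then 600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "passwd")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("constructed-secret\n")
        os.chmod(path, 0o644)
        try:
            read_private_file(path)
            loose_rejected = False
        except InsecureSecretsFile:
            loose_rejected = True
        os.chmod(path, 0o600)
        return loose_rejected, read_private_file(path)
```

This guards only against other unprivileged local users; a local administrator can still read the file, which is the question the reply raises.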
