On Tue, Aug 25, 2009 at 8:54 AM, Lars Kotthoff <li...@larsko.org> wrote:
> Hi list,
>
>  is it possible to store the account password encrypted in the configuration
> file?

It's possible, but slightly pointless.

Have a read of Eric Raymond's discussions about Fetchmail, which has
the same configuration data:
http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/ar01s09.html

"Another lesson is about security by obscurity. Some fetchmail users
asked me to change the software to store passwords encrypted in the rc
file, so snoopers wouldn't be able to casually see them.

I didn't do it, because this doesn't actually add protection. Anyone
who's acquired permissions to read your rc file will be able to run
fetchmail as you anyway—and if it's your password they're after,
they'd be able to rip the necessary decoder out of the fetchmail code
itself to get it.

All .fetchmailrc password encryption would have done is give a false
sense of security to people who don't think very hard. The general
rule here is:

    17. A security system is only as secure as its secret. Beware of
    pseudo-secrets."

-jim
_______________________________________________
sup-talk mailing list
sup-talk@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-talk
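
The quoted argument puts the real boundary at read permission on the rc file. The following is an added example (not from this thread, and not sup or fetchmail code) that audits that boundary for a plaintext credential file; the function name `audit_secret_file` and the sample file are constructed for illustration.

```ruby
require "tmpdir"

# Added example: report who besides the owner can reach a credential file.
# Returns an array of findings; an empty array means owner-only access.
def audit_secret_file(path, expected_uid: Process.euid)
  findings = []
  st = File.lstat(path)
  if st.symlink?
    findings << "is a symlink; the target's permissions are what matter"
    st = File.stat(path) # follow the link and audit the target
  end
  findings << "not a regular file" unless st.file?
  unless st.uid == expected_uid
    findings << "owned by uid #{st.uid}, expected #{expected_uid}"
  end
  mode = st.mode & 0o777
  if (mode & 0o070) != 0
    findings << format("group can access (mode %04o)", mode)
  end
  if (mode & 0o007) != 0
    findings << format("others can access (mode %04o)", mode)
  end
  # A parent directory writable by others lets them swap the file out,
  # unless the sticky bit restricts renames and deletes to the owner.
  dir = File.stat(File.dirname(File.expand_path(path)))
  if (dir.mode & 0o022) != 0 && !dir.sticky?
    findings << format("parent directory writable by group/others (mode %04o)",
                       dir.mode & 0o777)
  end
  findings
end

if __FILE__ == $0
  Dir.mktmpdir do |dir|
    rc = File.join(dir, "config.yaml")          # constructed sample file
    File.write(rc, "password: constructed-example\n")
    File.chmod(0o644, rc)
    puts "0644: #{audit_secret_file(rc).inspect}"
    File.chmod(0o600, rc)
    puts "0600: #{audit_secret_file(rc).inspect}"
  end
end
```
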
