On Dec 3, 2007 2:05 PM, Charles E. Campbell, Jr. wrote:
>
> Matt Wozniski wrote:
>
> > Fixing that to use a script-local variable would definitely be
> > a worthwhile change that should be made ASAP, though it still wouldn't
> > protect you from plaintext passwords being in your core files.
>
> Yes, I've done that for v116g.

Glad to hear it.  :)

> > While we're at it, what is a reasonable use-case for why someone would
> > need a getpid() function?  Why would we need to know our PID?
>
> Assuming that I have an encrypt/decrypt function pair, the pid could be
> used as a single-session p/w that would be transparent to the user.  I
> don't see any point in saving a ftp password but requiring the user to
> enter some other password to make the ftp password available.  Such
> things as recording the hundredth of a second that vim/gvim started
> along with the pid would act as an improved session-only password.

Sure, I understand that you could use it as a key to encrypt the
password, but what I'm really asking is what you gain from that.  Is it
really more secure to have an encrypted string and its decryption key
stored in memory than it is to have an unencrypted string in memory?
Particularly on an open-source project where anyone who wants to can
view your source code?

~Matt

--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
