On Dec 5, 2007 1:21 AM, thomas wrote:
>
> > Thank you, Ben!  That's exactly what I meant.
>
> For this, keeping a variable in a script-local function would suffice
> -- I personally haven't found a way yet to access a s:var.
> ...
> Also, you will most likely have to define functions that decrypt the
> stuff. So, if bad people really gained access to your terminal,
> nothing would stop them from calling these functions (calling
> script-local functions isn't difficult). This could be less safe than
> keeping them plain text in a script-local variable (which I don't
> know how to access from within an unpatched vim).

/me nods emphatically.  That's what I was trying to express but
couldn't seem to find the words for.  It doesn't protect you against
a determined hacker, or against inspection of your core files, but
just using plaintext in a s: var protects you from "curious co-worker
attacks".

> BTW maybe I missed something but if you store passwords in a
> script local variable how could they show up in session files?

In fact, s: variables don't seem to be saved in session files, either
(correct me if I'm wrong, but that's what a quick test, as well as a
glance at the help, seemed to show).

> Against which kind of attacks would you like to protect the
> passwords?
>
> #1 echo
> :echo g:my_passwords
>
> #2 session
> :exec 'edit '. v:this_session
>
> #3 core dump inspection?
>
> #4 ...
>

Does anyone know of a way to display an s:var from inside vim?
If not, using plaintext in an s:var protects you from #1 and #2,
and there is no way to protect against #3:  Someone with access
to your core file can access the encryption key (even if it's vim's
start time, vim has to be storing that somewhere to give it to you)
and the encrypted text, as well as vim's decrypt function.  What
would encryption give us that s: vars don't?

~Matt

--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
