On Wed, 5 Dec 2007 at 2:34pm, Matt Wozniski wrote:
> > On Dec 5, 2007 1:21 AM, thomas wrote: >> >>> Thank you, Ben! That's exactly what I meant. >> >> For this, keeping a variable in a script-local function would suffice >> -- I personally haven't found a way yet to access a s:var. >> ... >> Also, you will most likely have to define functions that decrypt the >> stuff. So, if bad people really gained access to your terminal, >> nothing would stop them from calling these functions (calling >> script-local functions isn't difficult). This could be less safe than >> keeping them plain text in a script-local variable (which I don't >> know how to access from within an unpatched vim). > > /me nods emphatically. That's what I was trying to express but > couldn't seem to find the words for. It doesn't protect you against > a determined hacker, or against inspection of your core files, but > just using plaintext in a s: var protects you from "curious co-worker > attacks". It will prevent someone from executing a simple :echo command to see the value, but note that you can always get into the :debug mode to step into the netrw code and then execute the same :echo command, so it only takes a few extra seconds for the "curious". > >> BTW maybe I missed something but if you store passwords in a >> script local variable how could they show up in session files? > > In fact, s: variables don't seem to be saved in session files, either > (correct me if I'm wrong, but that's what a quick test, as well as a > glance at the help, seemed to show). > >> Against which kind of attacks would you like to protect the >> passwords? >> >> #1 echo >> :echo g:my_passwords >> >> #2 session >> :exec 'edit '. v:this_session >> >> #3 core dump inspection? >> >> #4 ... >> > > Does anyone know of a way to display an s:var from inside vim? > If not, using plaintext in an s:var protects you from #1 and #2, > and there is no way to protect against #3: Someone with access > to your core file can access the encryption key (even if it's vim's > start time, vim has to be storing that somewhere to give it to you) > and the encrypted text, as well as vim's decrypt function. What > would encryption give us that s: vars don't? > > ~Matt -- Hari --~--~---------~--~----~------------~-------~--~----~ You received this message from the "vim_dev" maillist. For more information, visit http://www.vim.org/maillist.php -~----------~----~----~----~------~----~------~--~---