MC passwords in images?

Bert Freudenberg bert at impara.de
Fri Nov 4 20:26:43 UTC 2005


On 04.11.2005 at 20:56, Andreas Raab wrote:

> Bert Freudenberg wrote:
>> Since Monticello-bf.266, passwords were removed at image startup.
>> It does not remove the user name; instead, you are asked for the
>> password if a user name is set but no password.
>> Because people did not like having to re-enter the password after
>> each image start, Monticello-bf.268 changed that to reset the
>> passwords only if the author initials were reset, too.
>
> Ouch!!! This is so unbelievably naive I can hardly believe it. Does
> anyone besides me realize *when* exactly the author initials get
> cleared? It's when the full path to the image is different. So,
> let's say I have an image which is at C:\Squeak\SqueakX.Y.image and I
> give that to somebody else and that person puts the image into
> C:\Squeak\ what do we get? We get all the passwords in nice and plain
> text.

I know. But convenience is what most people care about, rather than
security. For example, when my version was merged into another MC
branch, even this simple password-resetting was explicitly left out.
I personally only use the external file method. It nils out the
password before snapshotting the image.

Besides, the username/password is transmitted over the internet
unencrypted, using HTTP basic authorization, so you shouldn't use
valuable passwords anyway. Also, squeaksource stores those plain-text
passwords unencrypted.

There is another problem when people fill in the password in the MC
repository creation dialog - this string is remembered even though
the password is reset. One should only ever fill in the username there.

- Bert -
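One way to get the "nil out the password before snapshotting" behaviour described above for every HTTP repository in the image, as an added example that is not code from this thread or from Monticello itself: a shutdown hook that runs before each snapshot (Squeak calls the shutdown list on save as well as on quit). It assumes Squeak's `Smalltalk addToShutDownList:` / `shutDown:` protocol and MCHttpRepository's `password` / `password:` accessors; the class name MCCredentialScrubber is invented.

```smalltalk
"File-in (chunk) format. Added example, not part of the original thread."

Object subclass: #MCCredentialScrubber
    instanceVariableNames: ''
    classVariableNames: ''
    poolDictionaries: ''
    category: 'Monticello-Security'!

!MCCredentialScrubber class methodsFor: 'system shutdown'!
shutDown: quitting
    "Invoked by Smalltalk processShutDownList: before every snapshot,
     whether or not the image is quitting. Clear the password of every
     HTTP repository so the saved image file never contains it; the
     user name is kept, so Monticello asks for the password again
     on next use (the behaviour Bert describes for bf.266)."
    MCHttpRepository allInstancesDo: [:repo | repo password: nil]! !

!MCCredentialScrubber class methodsFor: 'checking'!
repositoriesWithStoredPasswords
    "Answer the HTTP repositories that still hold a password in the
     image. Evaluate this in a workspace after a save to confirm the
     hook did its job; an empty collection is the expected result."
    ^ MCHttpRepository allInstances
        select: [:repo | repo password notNil
            and: [repo password isEmpty not]]! !

"Register the hook once. The shutdown list is itself saved in the
 image, so this survives restarts."
Smalltalk addToShutDownList: MCCredentialScrubber!
```

Note that this only clears what the repository objects hold; a password typed into the repository creation dialog is, as the message above says, remembered separately, so the check method will not see it.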
