MC passwords in images?
Bert Freudenberg
bert at impara.de
Fri Nov 4 20:26:43 UTC 2005
On 04.11.2005 at 20:56, Andreas Raab wrote:
> Bert Freudenberg wrote:
>> Since Monticello-bf.266, passwords were removed at image startup.
>> It does not remove the user name, instead, you are asked for the
>> password if a user name is set but no password.
>> Because people did not like having to re-enter the password after
>> each image start, Monticello-bf.268 changed that to reset the
>> passwords only if the author initials were reset, too.
>
> Ouch!!! This is so unbelievably naive I can hardly believe it. Does
> anyone besides me realize *when* exactly the author initials get
> cleared? It's when the full path to the image is different. So,
> let's say I have an image which is at C:\Squeak\SqueakX.Y.image and I
> give that to somebody else and that person puts the image into
> C:\Squeak\ what do we get? We get all the passwords in nice and plain
> text.
I know. But convenience is what most people care about, rather than
security. For example, when my version was merged into another MC
branch, even this simple password-resetting was explicitly left out.
I personally only use the external file method. It nils out the
password before snapshotting the image.
Besides, the username/password is transmitted over the internet
unencrypted, using HTTP basic authorization, so you shouldn't use
valuable passwords anyway. Also, squeaksource stores those plain-text
passwords unencrypted.
There is another problem when people fill in the password in the MC
repository creation dialog - this string is remembered even though
the password is reset. One should only ever fill in the username there.
- Bert -
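The two mechanisms argued over above, the path-dependent password reset and the HTTP basic authorization, as an added illustration that is not part of the original thread and not Monticello's own code. The Repository/Image classes are a toy model; the policy labels bf266, bf268and external_file stand for the three behaviours the post describes (reset at every startup, reset only when the author initials are reset, nil out before snapshotting), the "initials are cleared when the full image path differs" rule is taken from the message, and the repository URL and credentials are constructed sample data.

```python
import base64
import copy
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Repository:
    """One MC repository entry as it lives inside the image (toy model)."""
    url: str
    user: Optional[str] = None
    password: Optional[str] = None


@dataclass
class Image:
    """The pieces of image state the post talks about (toy model)."""
    path: str                                  # full path the image was saved at
    author_initials: Optional[str] = "bf"
    repositories: List[Repository] = field(default_factory=list)


def snapshot(image: Image, policy: str) -> Image:
    """What gets written to disk. Only the 'external_file' policy scrubs
    passwords *before* the snapshot; the two startup-time policies leave
    them in the image file."""
    on_disk = copy.deepcopy(image)
    if policy == "external_file":
        for repo in on_disk.repositories:
            repo.password = None
    return on_disk


def startup(on_disk: Image, opened_at: str, policy: str) -> Image:
    """What the running image holds after it is opened at `opened_at`."""
    img = copy.deepcopy(on_disk)
    # Per the post: author initials are cleared only when the full path
    # of the image file differs from the one it was saved at.
    if opened_at != img.path:
        img.author_initials = None
        img.path = opened_at
    if policy == "bf266":
        clear = True                          # always reset at startup
    elif policy == "bf268":
        clear = img.author_initials is None   # reset only if initials were reset
    else:
        clear = False                         # external_file: already scrubbed
    if clear:
        for repo in img.repositories:
            repo.password = None
    return img


def passwords_after(policy: str, saved_at: str, opened_at: str):
    """Return (passwords in the image file, passwords in the running image)
    for an image saved at `saved_at` and handed to someone who opens it at
    `opened_at`. The credentials are constructed sample data."""
    image = Image(path=saved_at,
                  repositories=[Repository("http://squeaksource.example/repo",
                                           user="alice", password="s3cret")])
    on_disk = snapshot(image, policy)
    running = startup(on_disk, opened_at, policy)
    return ([r.password for r in on_disk.repositories],
            [r.password for r in running.repositories])


def basic_auth_header(user: str, password: str) -> str:
    """The Authorization header an HTTP Basic client sends (RFC 2617/7617 form)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"


def recover_credentials(header: str):
    """Base64 is encoding, not encryption: anyone watching the plain-HTTP
    connection gets the username and password straight back."""
    token = header.split("Basic ", 1)[1].strip()
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


if __name__ == "__main__":
    same = r"C:\Squeak\SqueakX.Y.image"
    moved = r"D:\elsewhere\SqueakX.Y.image"
    for policy in ("bf266", "bf268", "external_file"):
        print(policy, "same path:", passwords_after(policy, same, same),
              "moved:", passwords_after(policy, same, moved))
    hdr = basic_auth_header("alice", "s3cret")
    print(hdr, "->", recover_credentials(hdr))
```

Running it shows the case Andreas describes: under bf268 an image copied to the same full path keeps its author initials, so the reset never fires and the recipient's running image holds the password; under bf266 the running image is clean but the file on disk still contains it; only the external_file behaviour keeps the password out of both.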