MC passwords in images?

Cees De Groot cdegroot at gmail.com
Sat Nov 5 11:20:41 UTC 2005


On 11/5/05, Andreas Raab <andreas.raab at gmx.de> wrote:
> If there is no
> sensitive data in the image, then there is nothing to remember about
> sensitive data.

And is there? Apart from the obvious bit? What about that
company-internal presentation in that project nested three levels
deep? It'd be nice if you could mark a project 'sensitive' and
scrub&save would notice it, no? Bummer if you hand out an image with
salary figures but the odd MC password safely in an external file ;)

I'm not denying that storing passwords outside the image is a good
idea. I'm rallying against the notion that if you put MC passwords in
a file that we can all share images. So, instead of a patch - add a
bit of code to MC to put passwords outside the image, I'd like to see
a real fix for this issue.

So, we can probably agree that both are needed - a keyring and a
scrubber. And diligence to mark stuff as sensitive, both by the
developer and by the user, is also needed. .

Anyway, i'll be more than happy to work on the keyring code. It just
shouldn't be a part of Monticello in the form of an ad-hoc fix. Ditto
for scrubbing.



More information about the Squeak-dev mailing list