MC passwords in images?

Andreas Raab andreas.raab at
Sat Nov 5 17:18:11 UTC 2005

Cees De Groot wrote:
> On 11/5/05, Andreas Raab <andreas.raab at> wrote:
>>If there is no
>>sensitive data in the image, then there is nothing to remember about
>>sensitive data.
> And is there? Apart from the obvious bit? What about that
> company-internal presentation in that project nested three levels
> deep? It'd be nice if you could mark a project 'sensitive' and
> scrub&save would notice it, no? Bummer if you hand out an image with
> salary figures but the odd MC password safely in an external file ;)

And that of course is making my point. Because if that presentation 
weren't in your image then again, you wouldn't be handing it out.

> I'm not denying that storing passwords outside the image is a good
> idea. I'm rallying against the notion that if you put MC passwords in
> a file that we can all share images. So, instead of a patch - add a
> bit of code to MC to put passwords outside the image, I'd like to see
> a real fix for this issue.

As I pointed out in my last message there are three real fixes for the 
issue - and Scrub&Save is not one of them.

> So, we can probably agree that both are needed - a keyring and a
> scrubber. And diligence to mark stuff as sensitive, both by the
> developer and by the user, is also needed.

Actually, we don't agree. From my POV, a scrubber is pointless, simply 
because it requires you to remember that some random image that you're 
about to give to someone contains sensitive information. And if you 
don't remember you are toast, which is exactly what happened to me.

> Anyway, i'll be more than happy to work on the keyring code. It just
> shouldn't be a part of Monticello in the form of an ad-hoc fix. Ditto
> for scrubbing.

I think that an ad-hoc fix for an immediate problem is just fine for my 

   - Andreas

More information about the Squeak-dev mailing list