Am 04.11.2005 um 20:08 schrieb Andreas Raab:
Hi Folks,
I just noticed that I handed out a whole bunch of images with plain- text passwords for various of the more sensitive repositories, thanks a lot (and no, if you have one of those it won't work any longer - I changed them). So for those of you who use MC and at times pass images around it is probably useful to check who's been in those repositories recently.
Since Monticello-bf.266, passwords were removed at image startup. It does not remove the user name, instead, you are asked for the password if a user name is set but no password.
Because people did not like having to re-enter the password after each image start, Monticello-bf.268 changed that to reset the passwords only if the author initials were reset, too.
Oh, and is anyone out there interested in implementing a password manager that stores passwords *outside* of an image in a reasonably secure location?
I did, a while ago (in Monticello-bf.238 from 14 April 2005):
userAndPasswordFromSettingsDo: aBlock "The mcSettings file in ExternalSettings preferenceDirectory should contain entries for each account: account1: *myhost.mydomain* user:password account2: *otherhost.mydomain/somerep* dXNlcjpwYXNzd29yZA==
That is it must start with 'account', followed by anything to distinguish accounts, and a colon. Then comes a match expression for the repository url, and after a space the user:password string. To not have the clear text password on your disc, you can base64 encode it: (Base64MimeConverter mimeEncode: 'user:password' readStream) contents "
- Bert -
squeak-dev@lists.squeakfoundation.org