MC passwords in images?
Martin Wirblat
sql.mawi at t-link.de
Fri Nov 4 20:31:04 UTC 2005
The image *is* the reasonably secure location and it is the primary
reasonable place in a Smalltalk world for passwords. You just have to
remember that it contains data ;-) And there is more than just
Monticello passwords - usually overlooked in such cases like yours. What
about a "deprivatizing" method that
- gets called on invoking "save as.." or "save as new version" and a
confirmation from the user regarding the deleting of sensitive data
- clears passwords, proxy info etc.
- can possibly be registered like #shutDown
Regards,
Martin
Andreas Raab wrote:
> Hi Folks,
>
> I just noticed that I handed out a whole bunch of images with plain-text
> passwords for various of the more sensitive repositories, thanks a lot
> (and no, if you have one of those it won't work any longer - I changed
> them). So for those of you who use MC and at times pass images around it
> is probably useful to check who's been in those repositories recently.
>
> Oh, and is anyone out there interested in implementing a password
> manager that stores passwords *outside* of an image in a reasonably
> secure location?
>
> Cheers,
> - Andreas
>
>
More information about the Squeak-dev
mailing list
|