MC passwords in images?

Martin Wirblat sql.mawi at t-link.de
Fri Nov 4 20:31:04 UTC 2005


The image *is* the reasonably secure location and it is the primary 
reasonable place in a Smalltalk world for passwords. You just have to 
remember that it contains data ;-) And there is more than just 
Monticello passwords - usually overlooked in such cases like yours. What 
about a "deprivatizing" method that

- gets called on invoking "save as.." or "save as new version" and a 
confirmation from the user regarding the deleting of sensitive data
- clears passwords, proxy info etc.
- can possibly be registered like #shutDown

Regards,
Martin

  Andreas Raab wrote:
> Hi Folks,
> 
> I just noticed that I handed out a whole bunch of images with plain-text 
> passwords for various of the more sensitive repositories, thanks a lot 
> (and no, if you have one of those it won't work any longer - I changed 
> them). So for those of you who use MC and at times pass images around it 
> is probably useful to check who's been in those repositories recently.
> 
> Oh, and is anyone out there interested in implementing a password 
> manager that stores passwords *outside* of an image in a reasonably 
> secure location?
> 
> Cheers,
>   - Andreas
> 
> 




More information about the Squeak-dev mailing list