Hi Marcel,

this reads like the central password-safe storage Tobias proposed earlier
> in this thread.
>

Okay, but #userAndPasswordFromSettingsDo: exists and works now.  There's an
opportunity to improve the system by mere deletion.


> That storage can be in the file system anyway or use a dedicated interface
> to the VM to wipe its contents from the object space.
>

Except we're not wiping the contents on image save, so everyone's passwords
are being left in dozens of images.  People reuse sensitive passwords.  We
should care about that.


> I would rather not hard-code it to always rely on file-system access
> though. :-) Squeak runs without even having access to .changes file.
>

For this, please prioritize for security first.  Monticello doesn't run
without the filesystem.  We have an easy opportunity to better
safeguard private user data, is there something else that's rubbing you
wrong about this idea?

Best,
  Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20200610/96583181/attachment.html>