On Thu, 16 Dec 2004 14:22:25 +0100 (CET), Andreas Tille <[EMAIL PROTECTED]> wrote: > On Thu, 16 Dec 2004, Olaf van der Spek wrote: > > >> Yes, but I do not want to store the password *anywhere* - it could even > >> be removed from debconf database because it makes no sense to store it > >> in case the local maintainer changes the database password the value > >> is absolutely useless in any config file or debconf database. Moreover > >> it is even a security risk to store a password in an additional place. > > > > If it's only readable by root, how much of a risk is it really? > Why should I use md5 passwords if they are stored in /etc/shadow which > is only readable by root?
Because system passwords aren't 'needed' by any applications to authenticate themselves to the system, while database passwords are. > IMHO, it is a good idea not to store passwords in clear text if there > is no reason to do so. If a temporary file at install time suffices > I just prefer this over permanent storage. True, but how many database apps work without storing the password?