On Fri, Oct 21, 2011 at 11:02 AM, Henrik Ingo <[email protected]> wrote:
> My proposed configuration is safe and useful for localhost (ie
> developer desktop).

For localhost, we should support peercred auth via unix domain sockets. I was supposed to implement that during GSoC, but that was the only part I didn't manage to do.

>> So you're saying that storing system account passwords in plaintext
>> files is a good idea?
>
> No, that's what auth-file does. That is bad.
>
> In auth_pam your password will typically be in /etc/shadow in the
> hashed format as it is now already. The problem is that it is sent
> over the wire in plaintext. This is similar to how you would login
> with telnet.

So where does that plaintext password come from? Typically it's stored in a conf file (of the client app).

> So what I'm proposing is secure on localhost (very friendly for
> developers and anyone testing drizzle), and would be completely secure
> if SSL was supported and perhaps even enforced in a default
> configuration.

SSL isn't completely secure, especially due to the situation with certs.

--
Olaf
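The peercred approach mentioned in this message, as an added example that is not part of the original thread and is not Drizzle code: on Linux the server asks the kernel for the connecting process's uid with `SO_PEERCRED`, so no password is sent or stored in a client conf file. The socket path, the function names and the uid allow list are assumptions made for illustration.

```python
import os
import socket
import struct
import tempfile

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) recorded by the kernel for the peer at connect()."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def authenticate_local_peer(conn, allowed_uids):
    """Return the peer's uid if it is on the allow list, else None."""
    if conn.family != socket.AF_UNIX:
        return None  # peer credentials exist only for unix domain sockets
    _pid, uid, _gid = peer_credentials(conn)
    return uid if uid in allowed_uids else None


def demo(allowed_uids):
    """Accept one local connection and authenticate it without any password."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.sock")  # hypothetical socket path
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as server:
            server.bind(path)
            server.listen(1)
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
                client.connect(path)  # the client presents no credentials
                conn, _ = server.accept()
                with conn:
                    return authenticate_local_peer(conn, allowed_uids)


if __name__ == "__main__":
    print("authenticated uid:", demo({os.getuid()}))
    print("uid not on allow list:", demo(set()))
```

Compare the result with `None` rather than testing it for truth, since uid 0 is a valid return value.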

