Keith Robertson has posted comments on this change. Change subject: packaging: Updated fetching db params from pgpass ......................................................................
Patch Set 2: Alon, I am glad to hear that we are changing. However, I would like to point out that we are not actually 'encrypting' the password. Rather that we are merely obfuscating it. The word 'encrypting' sort of implies that there is no stored key. In this case, there *must* be a stored key that we *ship* with the application; otherwise, we would not be able to "decrypt" the password. For what it's worth, I think that we should not announce that the password is "encrypted" because that give a false sense of security. We either say we are obfuscating it to prevent accidental display *or* even better we set the ACLs on the file to 640 so that it isn't world readable and simply leave the password un-obfuscated. There is a broad precedent for plain text passwords in /etc/ and I think that as long as you set the ACLs properly on the file then plaintext passwords are fine. Here are some examples: - /etc/fstab <-- You can put plain text passwords in here for SMB mounts. - /etc/ldap.secred <-- Plain text passwords in here for admin user - and on and on and on. -- To view, visit http://gerrit.ovirt.org/11826 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ic28e0d1da86bc1a8c7ba909aad3cd541bab80e36 Gerrit-PatchSet: 2 Gerrit-Project: ovirt-log-collector Gerrit-Branch: master Gerrit-Owner: Alex Lourie <[email protected]> Gerrit-Reviewer: Alex Lourie <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Juan Hernandez <[email protected]> Gerrit-Reviewer: Keith Robertson <[email protected]> Gerrit-Reviewer: Kiril Nesenko <[email protected]> Gerrit-Reviewer: Ofer Schreiber <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
