Re: RFC: common database policy/infrastracture

To: debian-devel@lists.debian.org
Cc: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: RFC: common database policy/infrastracture
From: Andreas Tille <tillea@rki.de>
Date: Thu, 16 Dec 2004 14:22:25 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.61.0412161419470.7600@wr-linux02>
In-reply-to: <[🔎] b2cc26e4041216051135375b8c@mail.gmail.com>
References: <Pine.LNX.4.61.0412132032310.7146@wr-linux02> <20041216004440.GB10884@seanius.net> <[🔎] Pine.LNX.4.61.0412160731400.7600@wr-linux02> <[🔎] b2cc26e4041216051135375b8c@mail.gmail.com>

On Thu, 16 Dec 2004, Olaf van der Spek wrote:

Yes, but I do not want to store the password *anywhere* - it could even
be removed from debconf database because it makes no sense to store it
in case the local maintainer changes the database password the value
is absolutely useless in any config file or debconf database.  Moreover
it is even a security risk to store a password in an additional place.


If it's only readable by root, how much of a risk is it really?

Why should I use md5 passwords if they are stored in /etc/shadow which
is only readable by root?

IMHO, it is a good idea not to store passwords in clear text if there
is no reason to do so.  If a temporary file at install time suffices
I just prefer this over permanent storage.

Kind regards

        Andreas.

--
http://fam-tille.de

Reply to:

Follow-Ups:
- Re: RFC: common database policy/infrastracture
  - From: Olaf van der Spek <olafvdspek@gmail.com>

References:
- Re: RFC: common database policy/infrastracture
  - From: Andreas Tille <tillea@rki.de>
- Re: RFC: common database policy/infrastracture
  - From: Olaf van der Spek <olafvdspek@gmail.com>

Prev by Date: Re: RFC: common database policy/infrastracture
Next by Date: Re: LCC and blobs
Previous by thread: Re: RFC: common database policy/infrastracture
Next by thread: Re: RFC: common database policy/infrastracture
Index(es):
- Date
- Thread