Re: RFC: common database policy/infrastructure

On Thu, 16 Dec 2004 14:22:25 +0100 (CET), Andreas Tille <tillea@rki.de> wrote:
> On Thu, 16 Dec 2004, Olaf van der Spek wrote:
> >> Yes, but I do not want to store the password *anywhere* - it could even
> >> be removed from debconf database because it makes no sense to store it
> >> in case the local maintainer changes the database password the value
> >> is absolutely useless in any config file or debconf database.  Moreover
> >> it is even a security risk to store a password in an additional place.
> >
> > If it's only readable by root, how much of a risk is it really?
> Why should I use md5 passwords if they are stored in /etc/shadow which
> is only readable by root?

Because system passwords aren't 'needed' by any applications to
authenticate themselves to the system, while database passwords are.

> IMHO, it is a good idea not to store passwords in clear text if there
> is no reason to do so.  If a temporary file at install time suffices
> I just prefer this over permanent storage.

True, but how many database apps work without storing the password?

