Re: Password leaks are security holes
Simon Valiquette wrote:
> Personally, I would prefer never to see password stored in clear text
> anywhere, whatever the file permissions are. And If I really want to
> still see them, I certainly won't complain if all I have to do is make a
> small change to the default configuration file, telling the system that I
> know what I am doing.
No password is stored in this case. User names (or whatever the user
input as "user name") are. If the user types some other random thing
instead of an user name, that doesn't make it a password, even if the
random garbage happens to be a password. And even if in this case the
password gets stored (not as such, but as a mistakenly typed user name),
it is by default hidden from view, unless the system administrator does
something different, such as your syslog-over-network example.
Do not dry clean.
Eduardo M KALINOWSKI