[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
From: |
Lars Ingebrigtsen |
Subject: |
bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg |
Date: |
Mon, 30 Jan 2012 17:18:03 +0100 |
User-agent: |
Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.92 (gnu/linux) |
"Roland Winkler" <winkler@gnu.org> writes:
> But then it appears to me that elsewhere there is a problem:
>
> Why is it necessary that Emacs reads this file three gazillion
> times? I would assume: reading the encrypted file once and holding
> the content in memory cannot be more unsecure than storing the
> sensitive information in an unencrypted file.
Yes, that's more secure. Now that you mention it, perhaps we did fix
the aggressive password prompting? I seem to remember adding a cache at
some point...
Anyway, having to enter a password for (say) sending email, even if your
SMTP server isn't password-protected (as you have to do with
.authinfo.gpg) isn't particularly ideal.
So I think the .authinfo.gpg concept isn't a good thing. (But
encrypting tokens in the .authinfo file might be.)
And perhaps the password token in .authinfo should always be obscured,
at least, to avoid accidentally spilling the passwords (visually) if you
do a grep .* or something. (This is what all the other
password-hoarding applications like Firefox, Chrome, etc do by default.)
--
(domestic pets only, the antidote for overdose, milk.)
http://lars.ingebrigtsen.no * Sent from my Rome
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, (continued)
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Lars Ingebrigtsen, 2012/01/30
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Chong Yidong, 2012/01/31
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Lars Ingebrigtsen, 2012/01/31
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Ted Zlatanov, 2012/01/31
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Michael Albinus, 2012/01/31
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Roland Winkler, 2012/01/28
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Lars Ingebrigtsen, 2012/01/28
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Roland Winkler, 2012/01/28
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg,
Lars Ingebrigtsen <=
- bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg, Roland Winkler, 2012/01/30