[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: secure plist store

From: Ted Zlatanov
Subject: Re: secure plist store
Date: Thu, 30 Jun 2011 07:19:38 -0500
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)

On Thu, 30 Jun 2011 16:43:33 +0900 Daiki Ueno <address@hidden> wrote: 

DU> Ted Zlatanov <address@hidden> writes:
>> Regardless of the other discussion about netrc files, do you want
>> plstore.el to be an auth-source backend?  The
>> create/search/delete/modify behavior can be defined as you see fit and
>> does not have to work like the netrc backend.

DU> I hope that you don't mind, I've just checked in the plstore backend of
DU> auth-source.  It works pretty well for me.

I don't mind, but it looks like you've copied and pasted a lot of the
netrc code.  This is expedient but we should extract the common
functionality into functions or macros, so it doesn't become a
maintenance nightmare later.

Also you added a generic "arg" parameter to the backend.  The other
parameters are named: source, host, port, user, type.  Can the name be
more specific, so we don't have to guess what it means?  In your case,
it's set to

(plstore-open (plist-get entry :source))

which is, I think, the plstore instance, a defstruct-like vector.  So
maybe the parameter should be called "data" or "instance" or
"internal-data"?  WDYT?

DU> In summary:

DU> - it works with GPG 2 (unlike netrc field encryption)
DU> - it does not run GPG until the secret is really needed (unlike
DU>   ~/.authinfo.gpg)
DU> - it writes secrets in encrypted form (unlike ~/.authinfo)
DU> - the encrypted form can be easily decrypted using M-x
DU>   epa-decrypt-region (unlike netrc field encryption)

DU> - the file format is not easily editable
DU> - the code is not mature (delete is not supported)

It would be great if we had a table explaining all this in the
auth-source manual.  That's very useful information.

DU> Anyway, if you want to try, set:

DU> (setq auth-sources '("~/.emacs.d/auth.plist"))

Thank you for doing this work!  It's great to have varied auth-source
backends that can fit every user's security needs.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]