[geeklog-devel] Atom publishing

Vincent Furia vfuria at gmail.com
Thu May 29 17:34:02 EDT 2008


Why encrypt the web services password at all?  There is a good chance, if an
attacker has access to your database he has access to your filesystem (and
the encryption key).  Additionally, what a person can do from a third party
web site should be limited for security reasons anyway.

-Vinny

On Thu, May 29, 2008 at 3:19 PM, Tony Bibbs <tony at tonybibbs.com> wrote:

> Dunno, pick a place.  a .txt file on the file system?!?  In that case the
> system would want to ensure the .txt file is locked down permission-wise.
>
> I think your point is where ever we store it we'd better lock it down best
> as we can.  Couldn't agree more.
>
> --Tony
>
> ----- Original Message ----
> From: Joe Mucchiello <joe at ThrowingDice.com>
> To: Geeklog Development <geeklog-devel at lists.geeklog.net>
> Sent: Thursday, May 29, 2008 3:37:24 PM
> Subject: Re: [geeklog-devel] Atom publishing
>
> Where do you store the cipher key?
>
> At 04:09 PM 5/29/2008, Tony Bibbs wrote:
> >That said, my original question is still valid.  If we stored a
> >password encrypted some 2-way cipher in the DB you could
>
> ----
> Joe Mucchiello
> Throwing Dice Games
> http://www.throwingdice.com
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20080529/07102003/attachment.html>


More information about the geeklog-devel mailing list