[geeklog-devel] Atom publishing

Ramnath R Iyer casual.dodo at gmail.com
Thu May 29 20:22:32 EDT 2008


On Thursday 29 May 2008 17:34:02 Vincent Furia wrote:
> Why encrypt the web services password at all?  There is a good chance, if
> an attacker has access to your database he has access to your filesystem
> (and the encryption key).  Additionally, what a person can do from a third
> party web site should be limited for security reasons anyway.

One good reason for encrypting the password is to prevent the website owner 
from knowing the user's passwords. For example, the user might be using the 
same password for many mail accounts too.

--
Ramnath R Iyer

> -Vinny
>
> On Thu, May 29, 2008 at 3:19 PM, Tony Bibbs <tony at tonybibbs.com> wrote:
> > Dunno, pick a place.  A .txt file on the file system?!?  In that case the
> > system would want to ensure the .txt file is locked down permission-wise.
> >
> > I think your point is wherever we store it we'd better lock it down
> > as best we can.  Couldn't agree more.
> >
> > --Tony
> >
> > ----- Original Message ----
> > From: Joe Mucchiello <joe at ThrowingDice.com>
> > To: Geeklog Development <geeklog-devel at lists.geeklog.net>
> > Sent: Thursday, May 29, 2008 3:37:24 PM
> > Subject: Re: [geeklog-devel] Atom publishing
> >
> > Where do you store the cipher key?
> >
> > At 04:09 PM 5/29/2008, Tony Bibbs wrote:
> > >That said, my original question is still valid.  If we stored a
> > >password encrypted with some 2-way cipher in the DB you could
> >
> > ----
> > Joe Mucchiello
> > Throwing Dice Games
> > http://www.throwingdice.com
> >
> > _______________________________________________
> > geeklog-devel mailing list
> > geeklog-devel at lists.geeklog.net
> > http://eight.pairlist.net/mailman/listinfo/geeklog-devel
> >
-- 
Ramnath R Iyer
Cornell University
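
The quoted suggestion above, keeping the cipher key in a file that is "locked down permission-wise", can be enforced each time the key is loaded. The sketch below is an added example, not part of the original thread and not Geeklog code; the file name `ws_cipher.key`, the 32-byte key size and the function names are assumptions.

```python
# Added example (not Geeklog code): file name, key size and names are assumptions.
import os
import stat
import tempfile

KEY_LEN = 32  # assumed key size in bytes; the thread does not name a cipher


class InsecureKeyFile(Exception):
    """Raised when the key file could be read or replaced by another account."""


def load_cipher_key(path):
    """Return the key bytes only if the file is locked down to its owner."""
    # O_NOFOLLOW: opening a symlink planted in place of the key fails with OSError.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # stat the opened descriptor, not the path, to avoid a race
        if not stat.S_ISREG(st.st_mode):
            raise InsecureKeyFile("not a regular file")
        if st.st_uid != os.geteuid():
            raise InsecureKeyFile("owned by a different user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureKeyFile("group/other bits set: %o" % stat.S_IMODE(st.st_mode))
        key = os.read(fd, KEY_LEN + 1)
    finally:
        os.close(fd)
    if len(key) != KEY_LEN:
        raise InsecureKeyFile("unexpected key length")
    return key


def demo():
    """Constructed sample: the same key file with loose, then tight, permissions."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ws_cipher.key")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(os.urandom(KEY_LEN))
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            try:
                load_cipher_key(path)
                results[mode] = "loaded"
            except InsecureKeyFile:
                results[mode] = "refused"
    return results
```

This check narrows which local accounts can read the key; it does not address the case Vincent raises in the thread, an attacker who already has access to the filesystem and the key.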