Bert Freudenberg wrote:
Since Monticello-bf.266, passwords were removed at image startup. It does not remove the user name, instead, you are asked for the password if a user name is set but no password.
Because people did not like having to re-enter the password after each image start, Monticello-bf.268 changed that to reset the passwords only if the author initials were reset, too.
Ouch!!! This is so unbelievably naive I can hardly believe it. Does anyone besides me realize *when* exactly the author initials get cleared? It's when the full path to the image is different. So, let's say I have an image which at C:\Squeak\SqueakX.Y.image and I give that to somebody else and that person puts the image into C:\Squeak\ what do we get? We get all the passwords in nice and plain text.
Cheers, - Andreas
Am 04.11.2005 um 20:56 schrieb Andreas Raab:
Bert Freudenberg wrote:
Since Monticello-bf.266, passwords were removed at image startup. It does not remove the user name, instead, you are asked for the password if a user name is set but no password. Because people did not like having to re-enter the password after each image start, Monticello-bf.268 changed that to reset the passwords only if the author initials were reset, too.
Ouch!!! This is so unbelievably naive I can hardly believe it. Does anyone besides me realize *when* exactly the author initials get cleared? It's when the full path to the image is different. So, let's say I have an image which at C:\Squeak\SqueakX.Y.image and I give that to somebody else and that person puts the image into C: \Squeak\ what do we get? We get all the passwords in nice and plain text.
I know. But convenience is what most people care about, rather than security. For example, when my version was merged into another MC branch, even this simple password-resetting was explicitly left out. I personally only use the external file method. It nils out the password before snapshotting the image.
Besides, the username/password is transmitted over the internet unencrypted, using HTTP basic authorization, so you shouldn't use valuable passwords anyway. Also, squeaksource stores those plain-text passwords unencrypted.
There is another problem when people fill in the password in the MC repository creation dialog - this string is remembered even though the password is reset. One should only ever fill in the username there.
- Bert -
On Nov 4, 2005, at 21:26 , Bert Freudenberg wrote:
Besides, the username/password is transmitted over the internet unencrypted, using HTTP basic authorization, so you shouldn't use valuable passwords anyway. Also, squeaksource stores those plain- text passwords unencrypted.
That's not correct. We decided to store a hash (SHA) of the password in SqueakSource rather than plain-text.
Adrian
Am 04.11.2005 um 22:22 schrieb Adrian Lienhard:
On Nov 4, 2005, at 21:26 , Bert Freudenberg wrote:
Besides, the username/password is transmitted over the internet unencrypted, using HTTP basic authorization, so you shouldn't use valuable passwords anyway. Also, squeaksource stores those plain- text passwords unencrypted.
That's not correct. We decided to store a hash (SHA) of the password in SqueakSource rather than plain-text.
I'm sorry, you're right. It was Smallwiki that used plain passwords.
- Bert -
squeak-dev@lists.squeakfoundation.org