[Klug-general] password / security question / coding
Mike Evans
mike at tandem.f9.co.uk
Sat Oct 18 17:16:19 UTC 2008
>
> Obviously storing in plain text is not ideal, so looking for the most
> secure solution, so let me know. I am not a security expert myself, so
> looking for others' opinions / ideas.
>
Putting passwords in plain in a stored file is not only less than ideal,
it is folly. Don't ever (and I mean ever) do it. Even holding them in
the memory of a computer in plain should be done for as short a time as
possible. This can be done by decrypting as late as possible, and once
used, ensuring that the memory used by the variable is overwritten.

If possible, I would also suggest that connectivity and authentication
between a server manager and managed servers should be done using tried
and tested security mechanisms, such as ssh validated by certificates in
both directions. Remember that once a hostile party has access to any
machine on the network, packet sniffing is trivial.

Mike
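
The "decrypt as late as possible, then overwrite" advice above, as an added sketch that is not part of the original post. The names `with_secret`, `secure_wipe`, `demo_use` and `is_all_zero` are hypothetical, and `toy_decrypt` is an XOR stand-in for real decryption from a vetted library.

```c
#include <stddef.h>
#include <string.h>

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* STAND-IN for real decryption from a vetted library; XOR is not secure. */
static void toy_decrypt(const unsigned char *ct, size_t n,
                        const unsigned char *key, size_t klen,
                        unsigned char *out) {
    for (size_t i = 0; i < n; i++) out[i] = ct[i] ^ key[i % klen];
}

typedef int (*secret_user)(const unsigned char *secret, size_t n, void *ctx);

/* Decrypt into scratch just before use, call use(), then wipe scratch
   whatever use() returned. Returns use()'s result, or -1 on bad sizes. */
int with_secret(const unsigned char *ct, size_t n,
                const unsigned char *key, size_t klen,
                unsigned char *scratch, size_t cap,
                secret_user use, void *ctx) {
    if (n > cap || klen == 0) return -1;
    toy_decrypt(ct, n, key, klen, scratch);
    int rc = use(scratch, n, ctx);
    secure_wipe(scratch, cap);
    return rc;
}

/* Hypothetical consumer standing in for the real authentication call. */
int demo_use(const unsigned char *s, size_t n, void *ctx) {
    const char *want = ctx;
    unsigned char diff = 0;
    if (n != strlen(want)) return 0;
    for (size_t i = 0; i < n; i++) diff |= s[i] ^ (unsigned char)want[i];
    return diff == 0;
}

/* Returns 1 when every byte of p is zero (used to confirm the wipe). */
int is_all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}
```

A plain `memset` on a buffer that is never read again can be removed by the optimizer, which is why the wipe goes through a volatile pointer; platform calls such as `explicit_bzero` or `SecureZeroMemory` serve the same purpose where available.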