On 2008-08-28 20:40, Simon Valiquette wrote:
> That's obviously true, but that doesn't cover the case when logs are
> copied to a second system with sysadmins that don't have access to the
> first server. And if someone uses the standard 514 syslog port instead of
> using an SSL tunnel or the newer syslog-tls on port 601, well you get
> a cleartext password on the wire (yes, people sometimes make stupid
> mistakes).

I once typed a password accidentally in the address line of a web browser, which popped up at the wrong moment. This resulted in a DNS query for my password. I hereby declare it a security bug that the web browser tries to resolve my password! :~)

> Personally, I would prefer never to see passwords stored in clear text
> anywhere, whatever the file permissions are.

We're talking here about a password that has been typed accidentally for other information. We're not talking about a regular password store. If the password is good, nobody will assume a password, but think that a cat ran over the keyboard.