On 2018-03-23 11:50:52 -0700, Dan Stromberg wrote:
> I'd put them in a file with access to the daemon..
> 
> Putting credentials in an environment variable is insecure on Linux,
> because ps auxwwe lists environment variables.

But only those of your own processes. So both methods are about equally
secure: If you can become the daemon user (or root), then you can read
the secret.

(Historically, many unixes allowed all users to read the environment
variables of all processes. I don't know if this is still the case for
e.g. Solaris or AIX - or macOS)

        hp

-- 
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | h...@hjp.at         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>

-- 
https://mail.python.org/mailman/listinfo/python-list
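
The comparison made in the reply above can be checked on a Linux host with the following sketch. It is an added example, not part of the original message; the function names are hypothetical, it assumes a Linux-style `/proc`, and a temporary file stands in for the daemon's credentials file.

```python
import os
import stat
import tempfile

# Function names are hypothetical, chosen for this added example.
def mode_readers(path):
    """Return (owner uid, classes that the mode bits allow to read path)."""
    st = os.stat(path)
    bits = (("owner", stat.S_IRUSR), ("group", stat.S_IRGRP), ("other", stat.S_IROTH))
    return st.st_uid, [name for name, bit in bits if st.st_mode & bit]

def scan_environ(proc_root="/proc"):
    """Try to read <pid>/environ for every process; tally by process owner."""
    me = os.geteuid()
    tally = {"own_readable": 0, "own_denied": 0, "other_readable": 0, "other_denied": 0}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # not a process directory
        piddir = os.path.join(proc_root, entry)
        try:
            owner = "own" if os.stat(piddir).st_uid == me else "other"
        except OSError:
            continue  # process exited or is hidden from this user
        try:
            with open(os.path.join(piddir, "environ"), "rb") as fh:
                fh.read(1)  # the kernel may refuse at read time, not only at open
        except (FileNotFoundError, ProcessLookupError):
            continue  # process exited during the scan
        except OSError:
            tally[owner + "_denied"] += 1
        else:
            tally[owner + "_readable"] += 1
    return tally

if __name__ == "__main__":
    # Constructed stand-in for a credentials file readable only by the daemon user.
    with tempfile.NamedTemporaryFile() as cred:
        os.chmod(cred.name, 0o600)
        print("credentials file   :", mode_readers(cred.name))
    if os.path.exists("/proc/self/environ"):
        print("/proc/self/environ :", mode_readers("/proc/self/environ"))
        print("environ scan       :", scan_environ())
```

Run as an unprivileged user, the scan should report `other_readable` as 0; run as root, every process's environment is readable, just as the credentials file would be.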