On Thu, Jan 27, 2005 at 03:26:44PM -0600, Charles Cazabon wrote:
> And who cares about the user's SMTP AUTH password being asked? Put
> it in the relay agent's control file, readable only by the user.
> It's exactly the same security -- only the user and root can read
> it, and root can already extract it from the process's memory space
> if he wants to, so no change there.

Not so. If it's lying around in the user's filesystem space, that
presents a much greater opportunity that an attacker can get it by
compromising the user's account and simply reading it in the clear from
the file, than if you had to dig around in a process's memory to find
it. Especially since the program could use some sort of encryption to
store it in core...

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will
result in undeliverable mail. Sorry for the inconvenience. Thank the
spammers.