FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 02-11-2011, 01:44 PM
Alain Roger
 
Default username, password for proxy setting in yum and for other purpose

Hi,



at work i installed Fedora 14 and i needed to export http_proxy variable because we use a proxy.

however, for now it is written in plaintext in .bashrc file and in yum.conf file.



this has 2 issue.

1. my username and password are human readable

2. in our company password must be changed every 60 days.



a) how can i store username and password in a not human readable way
(encrypted for example) a still make it available for yum, or ther
purposes like firefox ?

b) how can i do to only once change it and that change should be applicable for all purposes like yum, firefox, and so on... ?

thank a lot,


--
Alain
-----------------------------------------------------------
Windows 7 x64 / Fedora 14 x64
PostgreSQL 8.3.5 / MySQL 5
Apache 2.2.16
PHP 5.3.1
C# 2005-2008

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 02-11-2011, 02:18 PM
Tim
 
Default username, password for proxy setting in yum and for other purpose

On Fri, 2011-02-11 at 15:44 +0100, Alain Roger wrote:
> 2. in our company password must be changed every 60 days.

Actually, that's not a security measure. It's a false belief. And
tends to have the opposite effect.

It's harder for people to remember changing passwords, particularly when
they have to remember lots of different passwords. So they're far more
likely to write it down, and they're likely to write it somewhere that's
easily spied upon.

Changing it won't make it any harder to make a random guess at it. It's
just about as hard to guess it, no matter whether it stays the same, or
periodically changes. Or, it's just as likely that you might guess what
it changed to, as guess what it has always been. Likewise, it's only
one chance easier to guess a password that isn't changed by going
through a dictionary attack and keeping track of which words you've
already tried (i.e. if you could pick one word from a list of 600,000
words that you might use, that's a 1/600,000 chance of guessing it; then
if you changed it, it's a 1/599,999 chance of getting it right,
presuming no repeats, that's hardly a significant change).

If a password has already been cracked, that should have been detected.
If you're not checking for cracking attempts, you're not doing good
security.

> a) how can i store username and password in a not human readable way
> (encrypted for example) a still make it available for yum, or ther
> purposes like firefox ?

Encrypted whole drive contents, so it's ready normally while running,
but isn't readable if someone steals the drive?

Run a local proxy that uses your password to access the secured one, and
your local apps all go through your unsecured but restricted local
proxy?

Securing the local copy is going to be a bit pointless if you blurt it
out unencrypted across the network (e.g. in HTTP requests) to be easily
seen, anyway.

> b) how can i do to only once change it and that change should be
> applicable for all purposes like yum, firefox, and so on... ?

The simple solution for setting your password in one place, and
everything always using *that* password, is for all configuration files
that have a password set into them, their config scripts import your
password from a single known file that holds the password.

What about don't store the password in a file. Store it as a variable
held in memory. You type it in once, when requested to, and everything
sources that variable. And it's reset when you log out.


--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 02:15 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org