AICCU cleartext password?
Carmen Sandiego on Monday, 05 February 2007 17:32:09
I'm just going to state my simple question and hope that someone knows the answer :)
So I am wondering if the password in aiccu.conf needs to be in cleartext? I consider it to be quite insecure.
//Max
AICCU cleartext password?
Jeroen Massar on Monday, 05 February 2007 17:41:57
Just set the permissions on the configuration file correctly; they default to 600 on Unix-like systems and they can also be configured correctly on a Windows machine.
If you can't trust who has access to the file, then you have bigger problems.
Unfortunately there is no way around this, as the authentication system requires a password, and it has to be stored somewhere. One can of course crypt the password on disk, but then some tool needs to know how to decrypt it again because it needs the plaintext password to make the hash.
If you have a good solution to it, then of course, bring it forward.
And yes... as documented the heartbeat passwords are in plaintext as TIC is not protected. Which is why AICCU has an option for SSL, the server has to support it still though.
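The permission requirement from the reply above (configuration file at mode 600), as an added example that is not part of the original posts and is not AICCU's own code: a C helper that a daemon could call to refuse a password-bearing configuration file that is group- or world-accessible or owned by another user. The function name `open_private_conf` and the `conf_check` codes are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example (not AICCU identifiers). */
enum conf_check { CONF_OK, CONF_OPEN_FAILED, CONF_NOT_REGULAR,
                  CONF_BAD_OWNER, CONF_TOO_OPEN };

/* Open a config file holding a cleartext password only if it is a regular
 * file, owned by the effective user or root, with no group/other bits set
 * (0600 or stricter). On CONF_OK the open descriptor is stored in *fd_out. */
enum conf_check open_private_conf(const char *path, int *fd_out)
{
    struct stat st;
    enum conf_check rc = CONF_OK;
    /* O_NOFOLLOW: reject a symlink as the final path component.
     * O_NONBLOCK: do not hang if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return CONF_OPEN_FAILED;
    /* fstat() on the descriptor checks the file that was actually opened,
     * so it cannot be swapped between the check and the read. */
    if (fstat(fd, &st) != 0)
        rc = CONF_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = CONF_NOT_REGULAR;
    else if (st.st_uid != geteuid() && st.st_uid != 0)
        rc = CONF_BAD_OWNER;
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = CONF_TOO_OPEN;
    if (rc != CONF_OK) {
        close(fd);
        return rc;
    }
    *fd_out = fd;
    return CONF_OK;
}

int main(int argc, char **argv)
{
    static const char *msg[] = { "ok", "cannot open", "not a regular file",
                                 "wrong owner", "group/other access set" };
    int fd = -1;
    if (argc != 2) { fprintf(stderr, "usage: %s <conf-file>\n", argv[0]); return 2; }
    enum conf_check rc = open_private_conf(argv[1], &fd);
    printf("%s: %s\n", argv[1], msg[rc]);
    if (rc == CONF_OK) close(fd);
    return rc == CONF_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Reading the configuration through the returned descriptor, rather than reopening the path, keeps the check and the read on the same file.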