[Nix-dev] Nix(OS) and passwords ? builtins.writeFileToPath proposal
roconnor at theorem.ca
roconnor at theorem.ca
Sun Dec 27 04:25:05 CET 2009
On Sun, 27 Dec 2009, Marc Weber wrote:
> Pierron, Michael: Thank you for your feedback.
>
> The solution writing a file would be a hack. It could be made more
> secure by allowing writing to a specific directory only.
> But it would break many things such as prebuilding system derivations
> (which is used by live-cds)..
>
>
> Can we think about constraints we require to let builders write passwords into the store?
Perhaps a dumb question, but why not just store salted hashed passwords?
Then who cares if it ends up world readable?
--
Russell O'Connor <http://r6.ca/>
``All talk about `theft,''' the general counsel of the American Graphophone
Company wrote, ``is the merest claptrap, for there exists no property in
ideas musical, literary or artistic, except as defined by statute.''
More information about the nix-dev
mailing list