[Nix-dev] store & passwords - once again
Marc Weber
marco-oweber at gmx.de
Thu Jul 26 15:13:28 CEST 2012
>From security point of view: Whether you store ways to decode encrypted
passwordsin /root/additional-stuff or store the passwords - what is the
difference? If you're root you can access both.
I'd even propose a second change:
builtins.__writeArbitraryFile "/root/directory" "text-contents"
Should use a hash function to create a filename and return that based on
"text-contents". This way new contents will
yield a different path. Then you can rollback more easily, and
everything feels little more functional (don't write a file twice if it
exists - contents should be the same)
I know that that suggestion is not perfect. But a lot better than what
you can find in media wiki:
dbPassword = mkOption {
default = "";
example = "foobar";
description = ''
The password of the database user. Warning: this is stored in
cleartext in the Nix store!
'';
};
Marc Weber
More information about the nix-dev
mailing list