[Spice-devel] [spice-gtk 0/5] Add support for looking up connection credentials in a file
Christophe Fergeau
cfergeau at redhat.com
Tue Jun 4 09:24:42 PDT 2013
On Tue, Jun 04, 2013 at 12:18:12PM -0400, Marc-André Lureau wrote:
> > I disagree with this statement (even if this will not be solved by this
> > series). Something that is automatically used by spice-gtk when provided,
> > but which is not as insecure as putting the password in the URI would be
> > nice to have in spice-gtk.
>
> The URI or API "password" property are not more insecure than a separate file.
A separate file with 0600 permissions will be more secure than passing a
password on the command line (which is then visible by other users using
ps).
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20130604/7a696b55/attachment.pgp>
More information about the Spice-devel
mailing list