BIND 10 #2716: password in ~/.bind10/default_user.csv is cleartext
BIND 10 Development
do-not-reply at isc.org
Sun Feb 17 11:43:50 UTC 2013
#2716: password in ~/.bind10/default_user.csv is cleartext
-------------------------------------+-------------------------------------
Reporter: cas | Owner:
Type: defect | Status: new
Priority: medium | Milestone: Next-
Component: Unclassified | Sprint-Proposed
Keywords: | Resolution:
Sensitive: 0 | CVSS Scoring:
Sub-Project: DNS | Defect Severity: N/A
Estimated Difficulty: 0 | Feature Depending on Ticket:
Total Hours: 0 | Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
Comment (by muks):
Replying to [comment:2 muks]:
> We'd have to store `~/.bind10/default_user.csv` in cleartext, or
something that can be converted back to clear text on the client-side to
answer the server for HTTP digest authentication.
To clarify, I do not suggest using the `.htdigest` format for this.
`.htdigest` would be unsuitable for it as there's no way to get at the
clear-text password. The `.htdigest` suggestion was for the server-side
`cmdctl-accounts.csv` file.
--
Ticket URL: <http://bind10.isc.org/ticket/2716#comment:5>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list