BIND 10 #2716: password in ~/.bind10/default_user.csv is cleartext
BIND 10 Development
do-not-reply at isc.org
Mon Mar 11 17:44:30 UTC 2013
#2716: password in ~/.bind10/default_user.csv is cleartext
-------------------------------------+-----------------------------------
Reporter: cas                        | Owner:
Type: defect                         | Status: new
Priority: medium                     | Milestone:
Component: Unclassified              | Resolution:
Keywords:                            | CVSS Scoring:
Sensitive: 0                         | Defect Severity: N/A
Sub-Project: DNS                     | Feature Depending on Ticket:
Estimated Difficulty: discuss        | Add Hours to Ticket: 0
Total Hours: 0                       | Internal?: 0
-------------------------------------+-----------------------------------
Comment (by jaspain):

I'd like to submit a suggestion for your consideration.

By default, don’t create ~/.bind10/default-user.csv, which is clearly a
security defect, and require the user to enter a valid user name and
password with each login to bindctl. Removing the existing "single
sign-on" functionality in bindctl makes it a little harder to use, but I
have to deal with lots of other software applications that don’t support
single sign-on anyway, so it’s not a deal breaker.

For those users, developers and testers for example, for whom ease of use
is more important than security, create a command line option to bindctl
as follows:

    bindctl [--single-sign-on[=path]]

Specifying the --single-sign-on option would cause the default-user.csv
file to be created at ~/.named or at the specified path.

Remove the existing --csv-file-dir command line option to bindctl.

Thanks. Jeff.

--
Ticket URL: <http://bind10.isc.org/ticket/2716#comment:11>
BIND 10 Development <http://bind10.isc.org>