From: Ted Zlatanov
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Password protection
Date: Thu, 30 Sep 2010 12:07:41 -0500
Organization: Теодор Златанов @ Cienfuegos
Message-ID: <87d3rv6tya.fsf@lifelogs.com>
To: ding@gnus.org

On Thu, 30 Sep 2010 18:47:58 +0200 Lars Magne Ingebrigtsen wrote:

LMI> Ted Zlatanov writes:
>> If it doesn't break existing code, doesn't slow Emacs down, and provides
>> needed functionality we can't get in any other way, they'll probably OK
>> it. Do you or Michael want to make a proposal or should I?

LMI> I'm not quite sure how it's going to be used, either. Today, nnimap says

LMI> (process-send-string ... (format "LOGIN %S %S" user password))

LMI> That, obviously, can't work any more. So in what circumstances will
LMI> this appear? If it's only in new functions like process-send-password,
LMI> then it kinda seems like the type isn't needed, because we could just
LMI> load it into the C layer without ever exporting it back to the Lisp
LMI> layer at all...

But then you won't be able to pass the secret tokens around or examine
their hashes. Those are valuable tools for debugging and building more
functionality around the secret tokens. Generally I'd rather
encapsulate secrets safely than make them inaccessible.

Your example would not change.
I think it could be:

(let ((password (make-secret "hello")))
  (format "%s" password)                  ; #SECRET#abc123 is the unique one-way hash
  (process-send-string ... password)      ; sends the password
  (process-send-string ... #SECRET#abc123) ; sends the password also
  (process-send-string ... (format "%s" #SECRET#abc123)) ; sends the externally useless hash
  (debug password))                       ; shows #SECRET#abc123

So only process-send-string and C code would be able to look inside a
secret token. It will complicate the example code a tiny bit.

Ted
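
The token semantics sketched in the message above, modelled in Python as an added example; it is not code from the thread or from Emacs. The names Secret, _REGISTRY, _TAG_KEY and demo are hypothetical, the registry stands in for storage that only the C layer could read, and the per-process HMAC key is an assumption made here so that a leaked tag cannot be matched offline against guessed passwords.

```python
import hashlib
import hmac
import os

# Assumption: a random per-process key, so the printed tag is useless
# outside this process even when the password itself is short.
_TAG_KEY = os.urandom(32)
_REGISTRY = {}  # tag -> plaintext; hypothetical stand-in for C-only storage


class Secret:
    """Opaque token: printing or formatting it yields only its tag."""
    __slots__ = ("tag",)

    def __init__(self, tag):
        self.tag = tag

    def __repr__(self):
        return self.tag

    __str__ = __repr__


def make_secret(plaintext):
    """Model of the proposed make-secret: keep the plaintext, return a token."""
    digest = hmac.new(_TAG_KEY, plaintext.encode(), hashlib.sha256).hexdigest()
    tag = "#SECRET#" + digest[:16]
    _REGISTRY[tag] = plaintext
    return Secret(tag)


def process_send_string(wire, data):
    """Model of process-send-string: the only place a token is opened."""
    if isinstance(data, Secret):
        data = _REGISTRY[data.tag]  # token -> plaintext at the I/O boundary
    wire.append(data)               # ordinary strings go out unchanged


def demo():
    wire = []                                    # constructed stand-in for the connection
    password = make_secret("hello")
    shown = "%s" % password                      # what a log or debugger would show
    process_send_string(wire, password)          # sends the password
    process_send_string(wire, Secret(shown))     # token read back from its tag: password also
    process_send_string(wire, "%s" % password)   # formatted first: only the tag is sent
    return shown, wire
```
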