From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/72321 Path: news.gmane.org!not-for-mail From: Michael Albinus Newsgroups: gmane.emacs.gnus.general Subject: Re: Password protection Date: Thu, 30 Sep 2010 19:19:07 +0200 Message-ID: <87iq1nw3n8.fsf@gmx.de> References: <87sk0t3oxm.fsf@lifelogs.com> <87fwwszd1i.fsf@lifelogs.com> <87wrq4wcpc.fsf@lifelogs.com> <87tyl8xp7u.fsf@gmx.de> <87eiccw9ku.fsf@lifelogs.com> <87vd5nx5wa.fsf@gmx.de> <8739sr8c9h.fsf@lifelogs.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1285867195 6865 80.91.229.12 (30 Sep 2010 17:19:55 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Thu, 30 Sep 2010 17:19:55 +0000 (UTC) Cc: ding@gnus.org To: Ted Zlatanov Original-X-From: ding-owner+M20694@lists.math.uh.edu Thu Sep 30 19:19:54 2010 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1P1MnR-0005Ds-Pw for ding-account@gmane.org; Thu, 30 Sep 2010 19:19:54 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1P1MnM-00058I-Kr; Thu, 30 Sep 2010 12:19:48 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1P1MnK-000581-JR for ding@lists.math.uh.edu; Thu, 30 Sep 2010 12:19:46 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtp (Exim 4.72) (envelope-from ) id 1P1MnJ-0000DW-F2 for ding@lists.math.uh.edu; Thu, 30 Sep 2010 12:19:46 -0500 Original-Received: from mailout-de.gmx.net ([213.165.64.23] helo=mail.gmx.net) by quimby.gnus.org with smtp (Exim 3.36 #1 (Debian)) id 1P1MnI-0001iR-00 for ; Thu, 30 Sep 2010 19:19:44 +0200 Original-Received: (qmail invoked by alias); 30 Sep 2010 17:19:13 -0000 Original-Received: from p4FC18A28.dip0.t-ipconnect.de (EHLO detlef.gmx.de) [79.193.138.40] by mail.gmx.net (mp009) with SMTP; 30 Sep 2010 19:19:13 +0200 X-Authenticated: #3708877 X-Provags-ID: V01U2FsdGVkX18kmuI8ZAgkToCf3HD9Qk47zgN//kdQdjrj2Ny0uL MtvLHgrqV10FHZ In-Reply-To: <8739sr8c9h.fsf@lifelogs.com> (Ted Zlatanov's message of "Thu, 30 Sep 2010 10:46:50 -0500") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) X-Y-GMX-Trusted: 0 X-Spam-Score: -1.9 (-) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:72321 Archived-At: Ted Zlatanov writes: > MA> Hmm. Just a rough idea: what a about a new lisp object "password"? It > MA> can be created only via an (interactive) C-level function, and another > MA> C-level function returns the carried string. On lisp level, the value > MA> is available only as hash string of the password itself. By this, > MA> functions like `eq' or `string-equal' could still be applied. > > MA> C-level functions, visible in lisp (like `process-send-string' or > MA> `dbus-call-method'), could be tought to accept a password *or* a string > MA> as parameter. > > So only a process or C code can see or set the real value of a secret > token? That seems like a great idea. Btw: we should not overestimate the kind of protection. Everybody can install an asynchronous process, send the password object via process-send-string, and read the plain password in the process buffer. Everything on Elisp level. > Ted Best regards, Michael.