From: Lars Magne Ingebrigtsen <larsi@gnus.org>
To: ding@gnus.org
Subject: Re: Password protection
Date: Thu, 30 Sep 2010 19:17:46 +0200 [thread overview]
Message-ID: <m339sr9mmd.fsf@quimbies.gnus.org> (raw)
In-Reply-To: <87d3rv6tya.fsf@lifelogs.com>
Ted Zlatanov <tzz@lifelogs.com> writes:
> But then you won't be able to pass the secret tokens around or examine
> their hashes. Those are valuable tools for debugging and building more
> functionality around the secret tokens. Generally I'd rather
> encapsulate secrets safely than make them inaccessible.
It has debugging value, but since you're not going to be able to ever
actually see their real value in the Lisp layer, but have to write
special C functions to do anything with them, I think it has low value
otherwise. So it mainly has all the drawbacks connected with
introducing a new type.
If you wish to have some debuggability, you can just have a function
like `(secret-credential-hash "imap.gmail.com" "imaps" "password")'
to return a hash of the "password" secret that's stashed, and you don't
need any new type.
> Your example would not change. I think it could be:
>
> (let ((password (make-secret "hello")))
> (format "%s" password) ; #SECRET#abc123 is the unique one-way hash
> (process-send-string ... password) ; sends the password
> (process-send-string ... #SECRET#abc123) ; sends the password also
> (process-send-string ... (format "%s" #SECRET#abc123)) ; sends the externally useless hash
> (debug password)) ; shows #SECRET#abc123
>
> So only process-send-string and C code would be able to look inside a
> secret token. It will complicate the example code a tiny bit.
No, I don't think that'd actually work. To take an example: Passwords
in IMAP needs to be utf7-imap-encoded and quote-treated. (I think.) So if
you have the password "hello "&" goodbye", you need to do the following
transform:
(format "%S" (utf7-encode password) t)
and what gets sent will be
"hello \"&utf7-thing\" goodbye"
Oh. Hm. But that won't work with my simpler process-send-password
thing either. I had thought of the transform (because if you send basic
auth, you need to base64-encode the stuff first), but
Fbase64_encode_string is a C string, so I though you could just send a
transform down, too. But here you have Lisp-level functions like
utf7-encode being called...
I don't think this is as simple as any of us thought. :-)
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
next prev parent reply other threads:[~2010-09-30 17:17 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-28 14:17 Lars Magne Ingebrigtsen
2010-09-28 14:43 ` Richard Riley
2010-09-29 14:01 ` Lars Magne Ingebrigtsen
2010-09-28 14:46 ` Julien Danjou
2010-09-28 14:50 ` Ted Zlatanov
2010-09-29 14:04 ` Lars Magne Ingebrigtsen
2010-09-28 14:47 ` Ted Zlatanov
2010-09-29 14:07 ` Lars Magne Ingebrigtsen
2010-09-29 16:56 ` Charles Philip Chan
2010-09-29 17:15 ` Ted Zlatanov
2010-09-29 19:27 ` Lars Magne Ingebrigtsen
2010-09-29 19:51 ` Ted Zlatanov
2010-09-29 20:35 ` Michael Albinus
2010-09-29 20:58 ` Ted Zlatanov
2010-09-30 3:32 ` Michael Albinus
2010-09-30 15:46 ` Ted Zlatanov
2010-09-30 17:19 ` Michael Albinus
2010-09-30 16:25 ` Lars Magne Ingebrigtsen
2010-09-30 16:43 ` Ted Zlatanov
2010-09-30 16:47 ` Lars Magne Ingebrigtsen
2010-09-30 17:07 ` Ted Zlatanov
2010-09-30 17:17 ` Lars Magne Ingebrigtsen [this message]
2010-09-30 17:45 ` Ted Zlatanov
2010-09-30 17:51 ` Lars Magne Ingebrigtsen
2010-09-30 19:11 ` Michael Albinus
2010-09-30 17:13 ` Michael Albinus
2010-09-30 17:16 ` Michael Albinus
2010-09-29 21:38 ` Lars Magne Ingebrigtsen
2011-02-25 22:18 ` Ted Zlatanov
2011-03-05 11:53 ` Lars Magne Ingebrigtsen
2011-03-07 17:27 ` Ted Zlatanov
2010-09-28 15:02 ` David Engster
2010-09-29 2:28 ` Daniel Pittman
2010-09-29 4:39 ` Richard Riley
2010-09-29 5:58 ` Daniel Pittman
2010-09-29 6:42 ` Richard Riley
2010-09-29 8:54 ` Gijs Hillenius
2010-09-29 9:07 ` Richard Riley
2010-09-29 10:23 ` Gijs Hillenius
2010-09-29 9:51 ` Tassilo Horn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m339sr9mmd.fsf@quimbies.gnus.org \
--to=larsi@gnus.org \
--cc=ding@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).