Developers of Sympa

[IKEDA Soji <address@concealed>]

Guillaume,

On Tue, 22 Jul 2014 09:28:02 +0200
Guillaume Rousse <address@concealed> wrote:

> Le 22/07/2014 03:58, IKEDA Soji a écrit :
> > Hi,
> >
> > I prefer to on-memory processing.  I suppose secure information such
> > as private keys would not be unneccessarily written into storage if
> > at all possible --- even if they are removed soon, random blocks of
> > disk will keep information --- let alone passphrases.
> If you're able to access the content of a file owned by Sympa uid, with 
> owner-only read permission, you may as well read sympa configuration 
> file directly, where this password is also available. So why bother with 
> a FIFO here ?

For example, imagine a user replaced her Sympa server and want to
dispose older machine including disks.

Passphrases are stored into specific volume as config parameters.
So this volume should be paid special attention.  However, if
passphrase had repeatedly been saved into other volumes, they should
be treated as carefully as former should be.

FIFO (I don't stick to this method, though) does not store
passed information to any perpetual storages.  I suppose that is why
openssl supports FIFO.

Regards,

--- Soji

-- 
株式会社 コンバージョン  セキュリティ&OSSソリューション部   池田荘児
〒231-0004　神奈川県横浜市中区元浜町3-21-2 ヘリオス関内ビル7F
e-mail address@concealed  TEL 045-640-3550
http://www.conversion.co.jp/