[vpsFree.cz: community-list] vpsAdmin root password length

Tomáš Volf volf.tomas at gmail.com
Fri Feb 10 17:42:21 CET 2012


If you're short on time, plaintext is "ugly", but it's enough to add a
warning to the form; I see that as a template change that might take
even 60 seconds?

Otherwise, if you need a helping hand, I'll gladly help out (if I know
how, at least I'll learn something more), but that's probably outside
the community list :-) you have both my mail and jabber, so get in
touch if need be :-)

10.02.12, Pavel Snajdr <snajpa at snajpa.net>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> To reassure the paranoid - I'll think about it and will probably recode
> it somehow tonight, and I'll clean out the database.
>
> Then I'll let you know what I came up with.
>
> I won't pretend I'm not ashamed of that code - after all, I started
> coding it back then as my first serious project, so it looks that way;
> since then I have (hopefully) improved a lot, but the old code stayed
> there because there was no time to rewrite it.
>
> I could use a helping hand, because I'm short on time.
>
> Pavel Snajdr
>
> +420 720 107 791
>
> http://vpsfree.cz
>
> On 02/10/2012 03:09 PM, Tomas Volf wrote:
>> So in the course of this debate we found out that passwords set via
>> vpsadmin are in the db in plaintext, so now the debate is about what to
>> do with it. Now that it has come up and started being dealt with in
>> this thread, I at least don't know how to move the relevant emails
>> elsewhere.
>>
>> On Fri, 10 Feb 2012 15:03:45 +0100
>> Adam Motvička <adam at motvicka.cz> wrote:
>>
>>> What I read here in the subject is: "vpsAdmin root password length".
>>> I read the first few nonsensical emails and simply don't have the
>>> strength to read the rest, since in my opinion this is a pointless
>>> discussion. If, 5 emails further on in the same thread, you are
>>> dealing with something else, more important, that actually concerns
>>> the "community-list"...?
>>
>>> On 10 February 2012 15:04, Tomas Volf <volf.tomas at gmail.com> wrote:
>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Yeah, people stop paying attention; read through it and you'll find
>>>> we're already dealing with something else ;)
>>>>
>>>> On Fri, 10 Feb 2012 14:57:22 +0100
>>>> Adam Motvička <adam at motvicka.cz> wrote:
>>>>
>>>>> Please, is it really necessary to discuss the minimum password
>>>>> length in vpsAdmin across thirteen different emails on the
>>>>> community-list? I don't think this is something that warrants such
>>>>> a lengthy public discussion. At this rate everyone will soon lose
>>>>> focus on emails like these.
>>>>>
>>>>> Adam
>>>>>
>>>>> On 10 February 2012 14:53, Tomas Volf <volf.tomas at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>> Hash: SHA1
>>>>>>
>>>>>> He shouldn't shout, but I agree with him that it should be
>>>>>> written next to the form in vpsAdmin... :)
>>>>>>
>>>>>> On Fri, 10 Feb 2012 14:47:15 +0100
>>>>>> Pavel Snajdr <snajpa at snajpa.net> wrote:
>>>>>>
>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>> Hash: SHA256
>>>>>>>
>>>>>>> It's one thing to stir up panic, and another not to know about
>>>>>>> it at all...
>>>>>>>
>>>>>>> Consider all the places where you enter your password - you
>>>>>>> can't trust it ANYWHERE.
>>>>>>>
>>>>>>> You must have a different password EVERYWHERE.
>>>>>>>
>>>>>>> And don't forget that the same people who have access to that
>>>>>>> database have direct access to those VPSes.
>>>>>>>
>>>>>>> That's why I think stirring up panic is totally unnecessary.
>>>>>>>
>>>>>>> Yes, it's an ugly solution, no, I don't like it, but that's how
>>>>>>> it is, and what I write above is simply true.
>>>>>>>
>>>>>>> So really, but really, no panic is needed, and you certainly
>>>>>>> don't have to shout at us in capital letters :)
>>>>>>>
>>>>>>> Pavel Snajdr
>>>>>>>
>>>>>>> +420 720 107 791
>>>>>>>
>>>>>>> http://vpsfree.cz
>>>>>>>
>>>>>>> On 02/10/2012 02:44 PM, Tomáš Valoušek wrote:
>>>>>>>> It didn't occur to me at all, but this really is a massive
>>>>>>>> security hole, which should be the main, unmissable piece of
>>>>>>>> information for every member: WARNING, A PASSWORD CHANGED VIA
>>>>>>>> VPSADMIN IS STORED SOMEWHERE IN PLAINTEXT. CHANGE YOUR PASSWORD
>>>>>>>> USING PASSWD!!!!!
>>>>>>>>
>>>>>>>> On 10 February 2012 13:33, Pavel Snajdr <snajpa at snajpa.net>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> You may not like it, but that's about all there is to it :)
>>>>>>>>
>>>>>>>> Basically I have no other option; it has to be there in some
>>>>>>>> form and that form has to be decryptable - because it is stored
>>>>>>>> in the form of transactions, which the backend then picks up,
>>>>>>>> and in order for it to change the password it has to get it in
>>>>>>>> plaintext.
>>>>>>>>
>>>>>>>> The only alternative would be to delete those transactions
>>>>>>>> retroactively (out of the question), or to censor them after
>>>>>>>> the password is set - which is a false sense of security anyway.
>>>>>>>>
>>>>>>>> The truth is that I could mark it somewhere there, so that it's
>>>>>>>> obvious.
>>>>>>>>
>>>>>>>> Pavel Snajdr
>>>>>>>>
>>>>>>>> +420 720 107 791
>>>>>>>>
>>>>>>>> http://vpsfree.cz
>>>>>>>>
>>>>>>>> On 02/10/2012 01:34 PM, Tomas Volf wrote:
>>>>>>>>> Ahoj,
>>>>>>>>> muj puvodni dotaz spis smeroval smerem "proc vyzaduje
>>>>>>>>> alespon 5
>>>>>>>> znaku, proc
>>>>>>>>> nenechat zabezpeceni na uzivateli".
>>>>>>>>
>>>>>>>>> Hm, proc se to heslo vlastne uklada? A kdyz uz sme u toho,
>>>>>>>>> tak proc v plaintextu?
>>>>>>>>
>>>>>>>>> Musim priznat, ze tohle se mi moc nelibi...
>>>>>>>>
>>>>>>>>> On Fri, 10 Feb 2012 13:26:58 +0100
>>>>>>>>> Pavel Snajdr <snajpa at snajpa.net <mailto:snajpa at snajpa.net>>
>>>> wrote:
>>>>>>>>
>>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>>> Hash: SHA256
>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>
>>>>>>>>>> I definitely don't want vpsAdmin to allow storing long
>>>>>>>>>> passwords, because the password is then in plaintext in the
>>>>>>>>>> vpsAdmin database.
>>>>>>>>
>>>>>>>>>> It's mainly meant for getting into the VPS for the first
>>>>>>>>>> time, or for when you forget your password.
>>>>>>>>
>>>>>>>>>> Pavel Snajdr
>>>>>>>>
>>>>>>>>>> +420 720 107 791
>>>>>>>>
>>>>>>>>>> http://vpsfree.cz
>>>>>>>>
>>>>>>>>>> On 02/10/2012 11:30 AM, Tomas Volf wrote:
>>>>>>>>>>> Hi,
>>>>>>>>>>> just a thought... vpsAdmin enforces a root password length
>>>>>>>>>>> of 5 or more characters... Personally I don't like
>>>>>>>>>>> "enforced" security :) I'm just interested in others'
>>>>>>>>>>> opinions on this topic...
>>>>>>>>>>>
>>>>>>>>>>> PS: yeah, I know, via passwd the root password can be changed
>>>>>>>>>>> to just a single character :) All the more reason to ask
>>>>>>>>>>> whether it makes sense to enforce anything in vpsAdmin...
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Community-list mailing list
>>>>>>>>>>> Community-list at lists.vpsfree.cz
>>>>>>>>>>> http://lists.vpsfree.cz/listinfo/community-list

-- 
Sent from a mobile device

Tomas P4l4cl][n Volf
-- "There are only 10 types of people in the world: Those who understand
binary, and those who don't."
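
Added example, not part of the original thread and not vpsAdmin code: the thread describes password changes stored as transactions that a backend later picks up. One way to keep plaintext out of such a queue is to hash at the frontend and let the backend apply the hash with `chpasswd -e`. The queue file format and function names are hypothetical, and it assumes `openssl` 1.1.1 or later and a backend that can run `chpasswd` for the target system.

```sh
#!/bin/sh
# Added example: queue a crypt(3) hash instead of the plaintext password.
# Hypothetical: the queue format "vps_id:user:hash" and all function names.

QUEUE="${QUEUE:-$(mktemp)}"

# Frontend: hash the new password before anything is stored.
# It is read from stdin so it never appears in argv or in the queue.
enqueue_password_change() {
    q_vps="$1"; q_user="$2"
    q_hash="$(openssl passwd -6 -stdin)" || return 1
    case "$q_hash" in
        '$6$'*) ;;
        *) echo "unexpected hash format" >&2; return 1 ;;
    esac
    printf '%s:%s:%s\n' "$q_vps" "$q_user" "$q_hash" >> "$QUEUE"
}

# Backend: emit "user:hash" lines for one VPS, ready to pipe into
# `chpasswd -e`, which takes already-hashed passwords.
render_chpasswd_input() {
    while IFS=: read -r r_vps r_user r_hash; do
        [ "$r_vps" = "$1" ] || continue
        case "$r_hash" in
            '$6$'*) printf '%s:%s\n' "$r_user" "$r_hash" ;;
            *) echo "transaction for VPS $r_vps is not a SHA-512 crypt hash" >&2
               return 1 ;;
        esac
    done < "$QUEUE"
}

# Check helper: re-hash a candidate password (stdin) with the stored salt.
verify_queued_hash() {
    v_salt="$(printf '%s' "$1" | cut -d'$' -f3)"
    [ "$(openssl passwd -6 -salt "$v_salt" -stdin)" = "$1" ]
}
```
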


