[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: read-passwd: no longer as secure?
From: |
Ted Zlatanov |
Subject: |
Re: read-passwd: no longer as secure? |
Date: |
Tue, 24 Apr 2012 08:26:16 -0400 |
User-agent: |
Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.1.50 (gnu/linux) |
On Mon, 23 Apr 2012 20:53:04 -0400 Stefan Monnier <address@hidden> wrote:
>> though this hides on the display it is still available to most
>> lisp code.
SM> As it was in the previous implementation (in the `pass' variable).
SM> Hiding information is pretty contrary to the design of Emacs and Elisp.
I've mentioned before that it would be useful to have a way to hide
passwords and other secret data.
Currently the best way to do it in ELisp is with a lexical-let closure
that decrypts when you invoke it, AFAIK. At least the data is not in
the open. But it would be nice to have a way to securely reserve and
then wipe a string, or perhaps a pass-through method that decrypts
straight into the process rather than into a string. I'd use it in
auth-source.el, for instance.
Ted