Mailinglist Archive: opensuse (3831 mails)

Re: [opensuse] NO PROBLEM. zypper does not use proxy settings?
  • From: "Dominique Leuenberger" <Dominique.Leuenberger@xxxxxxxxxxxxx>
  • Date: Tue, 09 Jan 2007 15:37:38 +0100
  • Message-id: <45A3C4D1.2554.0029.1@xxxxxxxxxxxxx>
>>> On 09-01-2007 at 16:24, "Mark Goldstein" <goldstein.mark@xxxxxxxxx> wrote:
> On 1/9/07, Mark Goldstein <goldstein.mark@xxxxxxxxx> wrote:
>> On 1/9/07, Mark Goldstein <goldstein.mark@xxxxxxxxx> wrote:
>> > On 1/9/07, Dinar Valeev <dinarv@xxxxxxxxx> wrote:
>> >
>> > Set a proxy URL
>> > rug set proxy-url url_path
>>
>> Hi Dinar,
>>
>> I defined proxy in Yast2 and rug works fine, so it looks like rug now
>> uses proxy setting from /etc/sysconfig/proxy (I remember that in 10.0
>> rug -- then part of Red Carpet -- used its own settings).
>>
>> But zypper fails. I'll re-check though.
>>
>
> Hmmm, it was something else. Maybe temporary unaccessible repository.
> Now zypper works fine.
>
> BTW, it uses proxy user and password from /root/.curlrc.
> This file, though readable by root only, contains password in plain text.
> I think it's not a good idea. Anyone with an access to Linux machine
> can use another system (e.g. Knoppix, or Windows on dual boot machine)
> and read it, unless /root is stored on encrypted FS.
>
> I actually asked the same question on Novell forum regarding the Red
> Carpet (about a year ago), since rug had also stored unencrypted proxy
> password in the plain file, but have not got reasonable answer.

It's already bad if somebody gets so far in your computer, but if he
did, you have small chances to protect this file (except HD
encryption).

The password is stored to create some action without user intervention
(ie. without the user having to type his password), and as such
the algorithm of storing these passwords has to be reversible -> and
thus, however you encrypt it, using the source code of the program
reading the file, there will NEVER be a problem getting the password.

so indeed: even if it would be liked to have these files protected: it
won't be possible. It would only be a small additional burden. Faked
security to be precise.

Dominique
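
An added example, not part of the original thread: because the stored password has to stay recoverable, what an administrator can actually verify is which config lines carry one and who can read the file. This Python sketch flags curl config lines that embed a password and checks the file's permission bits; the function names and the sample content are assumptions made for illustration.

```python
import os
import re
import stat
from urllib.parse import urlsplit

CRED_OPTS = {"proxy-user", "user"}          # value is "name:password"
URL_OPTS = {"proxy", "url"}                 # value may be scheme://name:password@host
SHORT = {"U": "proxy-user", "u": "user", "x": "proxy"}
LINE = re.compile(r'^-{0,2}([A-Za-z][\w-]*)\s*[=:\s]\s*"?(.*?)"?\s*$')

def find_plaintext_secrets(text):
    """Return [(line_no, option)] for lines that embed a password (never the value)."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or not (m := LINE.match(line)):
            continue                         # comment, blank line or bare flag
        name, value = m.groups()
        if re.match(r"-[^-]", line):         # single dash: short option form
            name = SHORT.get(name, name)
        secret = None
        if name in CRED_OPTS:
            secret = value.partition(":")[2] # empty when only a user name is stored
        elif name in URL_OPTS:
            url = value if "://" in value else "http://" + value
            secret = urlsplit(url).password
        if secret:
            hits.append((no, name))
    return hits

def mode_is_private(mode):
    """True when neither group nor others have any permission bit set."""
    return stat.S_IMODE(mode) & 0o077 == 0

def audit(path):
    """Audit one file on disk; returns its findings as a dict."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        hits = find_plaintext_secrets(fh.read())
    return {"path": path, "secrets": hits,
            "private": mode_is_private(os.stat(path).st_mode)}

# Constructed sample, not taken from the thread.
SAMPLE = '''# proxy-user = "old:retired"
proxy = "http://proxy.example:3128"
proxy-user = "alice:s3cret"
-x http://bob:hunter2@proxy.example:3128
user = "carol"
'''
```

Calling `audit("/root/.curlrc")` as root reports the offending line numbers and whether the mode is owner-only; as the thread notes, file permissions do not help against someone who boots another system, which is what disk encryption addresses.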
