![](https://seccdn.libravatar.org/avatar/77cb4da5f72bc176182dcc33f03a18f3.jpg?s=120&d=mm&r=g)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-07-27 15:46, Anton Aylward wrote:
On 07/27/2015 09:12 AM, Carlos E. R. wrote:
Personally I think that the idea of having a cleartext version available anywhere is a bad idea. If it matters that much there should be no cleartext version anywhere except in memory.
And that's where it will be. tmpfs is memory.
No. a tmpfs is part of the file system.
Yes, but in memory. It is memory. :-) And, in Linux, a process memory can be accessed as a file under /proc, I believe, so memory is also filesystem :-p What matters is that the clear text password is not on disk.
No, but an attacker with access to a person email can request the password for many other services to be reset. A link is sent to the mail, click, change password. Even to banks.
That's my issue.
You don't have to have access to my email to request a password reset.
Maybe not, but I want to avoid the issue of a thief having easy access to my email password as a benefit. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlW2OXEACgkQja8UbcUWM1zQVQD/RFQGHQwXUaVT7Sjnif+NrVSc 4v9A1ZOrbhJF6n7a4iwBAJ+GaRHVeCIt0rf8PZTaGw+Fd1LWczHDzcIJcPsd2pao =XMjv -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org