[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [msmtp-users] Passwords
Hello Michael!
On Sat, 27. Sep 2008, 20:44:33 -0500, Michael Witten wrote:
> Is it dangerous to provide an option such as
> --password?
On multiuser systems: yes, because everyone else can look at your command
line, e.g. via ps or /proc/<pid>/cmdline.
> Is it reasonable to use stdin?
Msmtp reads the mail from stdin, and it currently refuses to read a
password from stdin.
> Why are so many people willing to write their
> passwords in config files?
I guess because there are few alternatives.
The best thing to do is to store all of the passwords in a key ring that
encrypts and manages them. When an application needs a password, it
asks the key ring, which then prompts the user for the master password
to the key database (if it has not already done so).
Unfortunately, key rings are not standardized and depend on the user's
desktop environment. Msmtp currently supports the Mac OS X and GNOME key
rings, but it would be nice to support more.
Does someone know of an abstraction layer for all the different key
rings that portable applications can easily use?
Regards,
Martin