[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: encrypting credentials is done plain wrong

From: Daniel Klima <danklima_at_gmail.com>
Date: Thu, 14 Apr 2011 14:07:19 -0700 (PDT)

could you please read Raymond Chen's blog (http://blogs.msdn.com/b/oldnewthing/) and especially series about "on the other side of this airtight hatchway".

You'll stop wasting time of others. (I am suprised Stefan Küng commited "it" - since it is extremenly ineffective)


"If you have full trust, then you can do anything, so don't be surprised that you can do bad things, too":

"If you grant somebody SeDebugPrivilege, you gave away the farm":

What you want is not what you get. You won't get security,just obfusction and considering it would be already running on same privlege level as is user's => other and more easier ways to get info you want. And obfuscation and opensource doesn't go well together anyway.

(P.S.:I know it is somewhat written in log,but this is needed in ML as well.)


To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-15 05:45:14 CEST

This is an archived mail posted to the TortoiseSVN Dev mailing list.