[Engine-devel] Dropping encryption of database password

Alon Bar-Lev alonbl at redhat.com
Wed May 1 15:58:12 UTC 2013



----- Original Message -----
> From: "Josh Bressers" <bressers at redhat.com>
> To: "Eli Mesika" <emesika at redhat.com>
> Cc: "Alon Bar-Lev" <alonbl at redhat.com>, "Juan Hernandez" <jhernand at redhat.com>, "engine-devel"
> <engine-devel at ovirt.org>, "pmatouse" <pmatouse at redhat.com>
> Sent: Wednesday, May 1, 2013 6:40:26 PM
> Subject: Re: [Engine-devel] Dropping encryption of database password
> 
> > > 
> > > In another words you are for storing password as plain text.... :)
> > 
> > If the file is protected , I don't mind that the password is in plain
> > text...
> > 
> 
> Hi all,

Hello,
 
> Itamar pointed me at this thread. I'm part of the Red Hat Product Security
> Team, we exist to help various projects and products with security needs
> (such as advice in this instance).
> 
> I can't really comment on this without understanding some of the background
> (sorry for not being up to speed, I don't have time to research this
> today and I'm away tomorrow so my replies may be slow).
> 
> Can you explain to me what the passwords in question are used for?

The password of the user used to access the database.

Regards,
Alon

> 
> Thanks.
> 
> --
> Josh Bressers / Red Hat Product Security Team
> 



More information about the Engine-devel mailing list