On Mon, Mar 9, 2015 at 6:53 PM, Björn Persson <Bjorn@rombobjörn.se> wrote:
> Nico Kadel-Garcia wrote:
>> I'm the guy that brought up the XKCD comic.
>
> I did it first. ;-)
>
>> The classic
>> storage is the Post-it note on the secretary's desk, but I see a lot
>> of people who should know better writing them into source control
>> systems that everyone in the company can read.
>
> Or even source control systems that everyone in the *world* can read:
>
> http://arstechnica.com/security/2015/03/ubers-epic-db-blunder-is-hardly-an-exception-github-is-awash-in-passwords/
>
> Björn Persson

And Subversion, storing its own plaintext passwords by default in
$HOME/.subversion/ for almost 15 years now. And the chef 'nrpe' and
'mysql' cookbooks, storing MySQL and other database passwords in plain
text for system configuration, and the 'users' cookbook storing
private SSH keys in unencrypted data bags with no hooks to encrypt the
stored private keys.

Yeah, the list goes on, and on, and on for tools that store
unprotected credentials.
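An added example, not part of the original message or of Subversion itself: a small audit of the Subversion credential cache mentioned above, reporting which cached entries hold the password in clear text. It assumes the cache lives in `~/.subversion/auth/svn.simple/` and uses Subversion's `K <len>` / `V <len>` hash-file format; the sample entry and the function names are constructed for illustration.

```python
import io
import os
from pathlib import Path

# Assumed default cache location (the message only names $HOME/.subversion/).
DEFAULT_DIR = "~/.subversion/auth/svn.simple"
# Constructed sample of one cache file; these are not real credentials.
SAMPLE = (b"K 8\npasstype\nV 6\nsimple\n"
          b"K 8\npassword\nV 13\nnot-a-real-pw\n"
          b"K 15\nsvn:realmstring\nV 29\n<https://svn.example.invalid>\n"
          b"K 8\nusername\nV 5\nalice\nEND\n")

def parse_svn_hash(data):
    """Parse 'K <len>', key, 'V <len>', value records up to END."""
    stream, entry = io.BytesIO(data), {}
    while True:
        header = stream.readline().strip()
        if header in (b"END", b""):
            return entry
        if not header.startswith(b"K "):
            raise ValueError("not a Subversion hash file")
        key = stream.read(int(header[2:])).decode("utf-8", "replace")
        stream.readline()                       # newline that ends the key
        vheader = stream.readline().strip()
        if not vheader.startswith(b"V "):
            raise ValueError("missing value header")
        entry[key] = stream.read(int(vheader[2:])).decode("utf-8", "replace")
        stream.readline()                       # newline that ends the value

def audit_entry(data):
    """Return realm/username if the password is in clear text, else None."""
    entry = parse_svn_hash(data)
    # passtype "simple" means the password value sits in the file itself;
    # keyring-backed entries carry another passtype and no password key.
    if entry.get("passtype") == "simple" and "password" in entry:
        return {"realm": entry.get("svn:realmstring", "?"),
                "username": entry.get("username", "?")}

def audit_dir(auth_dir=DEFAULT_DIR):
    """Scan every cache file; the password value itself is never reported."""
    findings = []
    root = Path(os.path.expanduser(str(auth_dir)))
    for path in sorted(p for p in root.glob("*") if p.is_file()):
        try:
            hit = audit_entry(path.read_bytes())
        except ValueError:
            continue                            # skip files in another format
        if hit:
            findings.append({"file": path.name, **hit})
    return findings

if __name__ == "__main__":
    print(audit_dir())
```

Entries this reports can be cleaned up by deleting the cache file and setting `store-plaintext-passwords = no` in `~/.subversion/servers`, so the client stops writing new ones.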