QUERY
Which versions have you tested with? Since it's a module, I suppose
it can be built to be used with *any* XEmacs supporting modules,
including 21.4? (Vin alert!)
This is a good idea, but the implementation can be strengthened
without much effort.
(1) The function docstring *must* document the security implications
of passwords being left in XEmacs's memory. In particular, mention
the trivial attack via history in M-: (the obvious direct UI to the
API). Yes, I understand that these are single-user machines and that
normally the only avenue to root is sudo, in which case the single
user's system login password has to be compromised anyway. So the
risks are low. But so is the cost of documentation/education.
(2) `keychain-add' *should* be given an interactive interface that
calls `read-password' for the password. While `read-password' is only
"semi-secure" (as its documentation says), it does limit the risk
quite a bit. And if you use `read-password', then improvements to it
will automatically be used in the future.
Eric Knauel writes:
Here is a small dynamic module that adds support for the OS X keychain
to XEmacs.
The OS X keychain is a mechanism that stores application passwords
(and other secret information) in an encrypted file on the disk. This is
quite useful: For example, if the user unlocks his keychain on login,
applications may fetch passwords from the keychain to access some
server without having to ask for the server password.
I always wanted Gnus to use the keychain to store my IMAP server
passwords instead of the plain text ~/.netrc or ~/.authinfo files.
So, here is a small patch that adds a module that wraps the Carbon API to
the keychain into Lisp functions: KEYCHAIN-FIND, KEYCHAIN-REMOVE, and
KEYCHAIN-ADD. The functions are pretty simple to use.
_______________________________________________
XEmacs-Patches mailing list
XEmacs-Patches(a)xemacs.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-patches
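An added sketch of review points (1) and (2), not code from the patch or from either author: an interactive wrapper that reads the password with `read-password' and carries the memory caveat in its docstring. The wrapper name `keychain-add-interactively', the (SERVICE ACCOUNT PASSWORD) argument order for `keychain-add', and `read-password' taking a prompt string are assumptions, since the thread shows neither signature.

```elisp
;; Added example; not part of the submitted module.
;; ASSUMPTION: `keychain-add' is called as (keychain-add SERVICE ACCOUNT
;; PASSWORD).  The thread does not show its real signature.
;; ASSUMPTION: `read-password' accepts a prompt string as its first
;; argument and returns the typed password as a string.
(defun keychain-add-interactively (service account)
  "Store a password for ACCOUNT at SERVICE in the OS X keychain.

The password is read with `read-password' rather than passed as a
literal, so calling this command with M-x does not put the password
into the M-: input history, and the password is not one of the
arguments recorded in `command-history'.

Security note: the password still exists in XEmacs's memory as a Lisp
string while this command runs, and copies made by `read-password' or
by `keychain-add' are outside this function's control.
`read-password' is documented as only \"semi-secure\".  Calling
`keychain-add' directly from M-: with a literal password leaves that
password in the minibuffer history."
  (interactive "sService: \nsAccount: ")
  (let ((password (read-password
                   (format "Password for %s at %s: " account service))))
    (unwind-protect
        (keychain-add service account password)
      ;; Overwrite our copy of the string even if `keychain-add'
      ;; signals an error, so it does not linger until the next GC.
      (fillarray password ?\0))))
```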