On 3/20/15 12:15 AM, Morty wrote:
> On Thu, Mar 19, 2015 at 07:13:43AM -0400, Kingsley Idehen wrote:
>
>> You appear to assume that iSQL can only be used to connect to a
>> Virtuoso instance using a single approach? Here's an option dump
>> (note: we even support use of pkcs#12 and pem files for secure
>> connections that don't use passwords at all):
>
> I'm aware that other authentication options are available.  However,
> passwords are very simple to manage.

Some of us see the perceived "simplicity" of passwords as the mother of all vulnerabilities, in a network environment.

isql usage patterns typically go something like this:

1. isql
2. password challenge
3. password entered via masked input control.

BTW -- generating a pkcs#12 or pem file isn't a complex activity, circa 2015. It ultimately trumps passwords in regards to practical security in networked setups.

> Given that passwords are present
> and supported, my request is to implement them in a (slightly more)
> secure way.  Why implement passwords and then hobble them?  Other
> database systems I've worked with have had mechanisms to deal with
> this problem.  Usually by having a "password file" option or a
> configuration file option that could hold a password.
>
> - Morty

There is an isql-odbc variant of isql which can read passwords from an INI file. Currently, that's missing from our releases, but it will be added, following this conversation.


--
Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
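
Generating a client key, certificate and PKCS#12 bundle with OpenSSL, as an added example that is not part of the original message or of Virtuoso's own tooling. The CN, the file names and the `P12_PASS` variable are assumptions, and a self-signed certificate stands in for one issued by your own CA.

```shell
#!/bin/sh
# Added example. All names here (client.key, client.pem, client.p12, P12_PASS)
# are constructed for illustration; they are not Virtuoso defaults.

# make_client_p12 DIR CN
# Creates DIR/client.key, DIR/client.pem and DIR/client.p12.
# The bundle passphrase is read from the exported variable P12_PASS, so it
# never appears in the argument list visible to other local users via ps.
make_client_p12() (
    dir=$1
    cn=$2
    umask 077    # new files are readable by the owner only

    # Private key plus a self-signed certificate (stand-in for a CA-issued one).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$cn" \
        -keyout "$dir/client.key" -out "$dir/client.pem" 2>/dev/null || exit 1

    # Bundle key and certificate into a passphrase-protected PKCS#12 file.
    openssl pkcs12 -export -name "$cn" \
        -inkey "$dir/client.key" -in "$dir/client.pem" \
        -passout env:P12_PASS -out "$dir/client.p12" || exit 1

    chmod 600 "$dir/client.key" "$dir/client.p12"
)

# p12_subject FILE
# Prints the subject of the client certificate inside the bundle.
# Prints nothing and returns non-zero if P12_PASS does not unlock it.
p12_subject() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject 2>/dev/null
}

# Usage (constructed values):
#   P12_PASS='...'; export P12_PASS
#   make_client_p12 "$HOME/.virtuoso-client" "isql-client"
#   p12_subject "$HOME/.virtuoso-client/client.p12"
```
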

