[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] XOAUTH2 integration, and a few questions

From: Ken Hornstein
Subject: Re: [Nmh-workers] XOAUTH2 integration, and a few questions
Date: Wed, 29 Jun 2016 09:37:05 -0400

>I get it. Kerberos uses file permissions to protect the live token
>(the /tmp/krb5_* file).  I just want to make sure we are not letting
>things like that slip through, where people are not aware that, e.g.,
>environment variables or process arguments aren't secure.

I hear you.  Clearly from a security standpoint passing the bearer token
via a process argument isn't a good idea.  Like I said, I'm willing to
fix this if my solution is acceptable to everyone.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]