[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] XOAUTH2 integration, and a few questions
From: |
Lyndon Nerenberg |
Subject: |
Re: [Nmh-workers] XOAUTH2 integration, and a few questions |
Date: |
Tue, 28 Jun 2016 21:54:10 -0700 |
> On Jun 28, 2016, at 9:47 PM, Ken Hornstein <address@hidden> wrote:
>
> The key difference (pun intended) is that we're not really doing any
> "key management", at least from a crypto persective, at all, because
> as far as OAuth is concerned, there is no crypto. The access token
> needs to be protected via TLS when it is sent over the wire. Think
> of it as a funky password. On our side, we treat it like a password;
> we store it in a file (like we do with passwords in .netrc) and pull
> it out when we need it.
I get it. Kerberos uses file permissions to protect the live token (the
/tmp/krb5_* file). I just want to make sure we are not letting things like
that slip through, where people are not aware that, e.g., environment variables
or process arguments aren't secure.
- [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/28
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, David Levine, 2016/06/28
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/28
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Lyndon Nerenberg, 2016/06/28
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/28
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Lyndon Nerenberg, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions,
Lyndon Nerenberg <=
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Valdis . Kletnieks, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, David Levine, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Valdis . Kletnieks, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/29
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ralph Corderoy, 2016/06/30
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Ken Hornstein, 2016/06/30
- Re: [Nmh-workers] XOAUTH2 integration, and a few questions, Lyndon Nerenberg, 2016/06/30