
Re: Preliminary passwords policy.



--- Mohammed Sameer <msameer at foolab dot org> wrote:
> I think the best policy for the passwords is:
> 1) Passwords should never be transmitted as plain text,
>    this includes IRC, email, http authentication.
>    If so, the password should be invalidated and changed ASAP.

Sure.

> 2) We can have an encrypted loopback filesystem on sina where we store all
>    our passwords if a centralised storage is required.

OK, how do we do this?

> 4) Each Arabeyes core member should have a GPG key to encrypt the passwords
> when emailing to another core member.

OK, I can generate a GPG key no problem - but it is unlikely I will mail
any sensitive info, esp. if item #2 above is enacted.

> 5) We all need to have the following passwords:
>    MySQL root password
>    http authentication passwords
>    mailman passwords
>    the root password for sina
>    IRC channels password

As well as all external account passwords.

Mohammed, tell us more about (or set up) the 'encrypted loopback filesystem'
on sina.

 - Nadim


		