Re: [Openvpn-users] "--askpass file" is evil!

Leonard Isham wrote:
On Fri, 03 Dec 2004 13:33:07 +0000, Terry Dooher
<tdooher.lists@xxxxxxxxxxxxxxxxx> wrote:

In the end, the user has to bear some responsibility for the security of their

...but we shouldn't hand them the key to circumventing security. Any more than we should make it so difficult that they look for ways to circumvent it.

Certainly. I diverged a bit into general security, but specifically to OpenVPN, --askpass is simply giving people another way of writing their passphrase down.

Many users may see the option as "Well if it's there, it must be ok to use it". While taking it out would help, I suppose it's our responsibility to write "Don't store your passphrase at all!" on a big stick and beat them about the head with it until the message sinks in :)

(For "Big Stick" you might want to substitute "Corporate IT policy enforced in employment contract", but the effect is much the same)


