From: Adam Porter <adam@alphapapa.net>
To: yantar92@posteo.net
Cc: emacs-devel@gnu.org, jschmidt4gnu@vodafonemail.de
Subject: Re: Storing sensitive data indefinitely in variables or buffers: Whether and how to fix?
Date: Wed, 31 May 2023 11:39:31 -0500
Message-ID: <6503151d-13be-f299-24a2-76bb9d6fecc8@alphapapa.net>
In-Reply-To: <87fs7dnd1u.fsf@localhost>

I've recently been thinking about similar issues. In Ement.el, it's
necessary to store a session token, which is used upon next connection
to prevent having to log in with a password again (the Matrix protocol
does not intend for users to re-enter their password on each
connection). For now, the token is stored in a plain-text file with
permissions set securely, but obviously it would be good for the token
to be encrypted at rest.

I once attempted to use the auth-source library to store it, but due to
numerous problems[0], I gave up on that idea.

Since then we've gained the `persist' and `multisession' libraries,
which seem like good tools, but neither one offers secure storage.

I think Emacs needs a new library to store Lisp data securely. Ideally
the API would simply return a Lisp object which could be used with
common functions like alist-get, gethash, etc. to read data. For
writing, perhaps some kind of simple macro or function wrapper that
would store the data securely, as-configured, without the application
needing to know the details.

Even more ideally, such a feature would be part of `persist' and/or
`multisession', or at least be built on top of them, to avoid having
yet-another data-persistence library.

(I also hope we can figure out the situation with regard to having both
`persist' and `multisession' now; I asked[1] last month, but the
discussion didn't proceed very far.)

Does anyone else have thoughts about this?

Thanks,
Adam

0: https://old.reddit.com/r/emacs/comments/8lvda6/is_authsource_from_the_dark_side/
1: https://lists.gnu.org/archive/html/emacs-devel/2023-04/msg00269.html