password for BGP in clear-text in bird.conf file?
Christopher Jay Manders
cjmanders at gmail.com
Sat Apr 25 18:25:41 CEST 2015
Hi,
I disagree.
It is a security issue to have a password stored in clear-text.
I think the way to do it is to use birdcl to enter the password but then
store it in some type of encrypted form. Perhaps separately from the
bird.conf.
Even loose encryption like XORing or something would be better than
storing a password in clear-text.
For real production deployments of bird this needs to be a consideration.
That is my feeling.
Thanks!
Christopher
On 4/23/15 10:23, Ondrej Zajicek wrote:
> On Thu, Apr 23, 2015 at 10:05:21AM -0700, Christopher Jay Manders wrote:
>> Hi,
>>
>> I am not sure if this has been brought up before, but it is very sad that
>> the password for BGP AUTH is in clear-text.
>>
>> Is there anything in progress to rectify or discussion about this?
>
> Hi
>
> There is not much to discuss. Because the way how it is used, the
> password must be in clear-text-recoverable form. The bird.conf
> could be protected by unix access rights if necessary.
>
More information about the Bird-users
mailing list