You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On p. 284 I was a bit surprised to see the use of NOPASSWD without a discussion of the security implications though. Intuitively, NOPASSWD seems like a bad idea even with the other security measures in place, but I'm not a security expert, so I had to google it. And it seems like it might not be that bad after all:
I'm still not completely sure and I couldn't really find an authoritative best-practice recommendation, but in any case, it seems like something you shouldn't just copy-paste without trying to understand the implications, so it would be great if your book included a short discussion on what it is and why/when it's acceptable to use it from a security point of view :)
I agree that intuitively, using NOPASSWD seems like it could be insecure (and it can be in certain circumstances, you just need to understand the risks/rewards). I would like to at least add a warning aside explaining this so it's more clear.
The text was updated successfully, but these errors were encountered:
This is from a reader's email:
I agree that intuitively, using
NOPASSWD
seems like it could be insecure (and it can be in certain circumstances, you just need to understand the risks/rewards). I would like to at least add a warning aside explaining this so it's more clear.The text was updated successfully, but these errors were encountered: