[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Pan-users] Re: ANN: Pan 0.121 "Dortmunder"
|
From: |
Robert Marshall |
|
Subject: |
[Pan-users] Re: ANN: Pan 0.121 "Dortmunder" |
|
Date: |
Fri, 26 Jan 2007 18:26:55 +0000 |
On Fri, 26 Jan 2007, Duncan wrote:
> Robert Marshall
> <address@hidden>
> posted address@hidden,
> excerpted below, on Fri, 26 Jan 2007 13:22:31 +0000:
>
>> On Mon, 22 Jan 2007, Charles Kerr wrote:
>>
>>> January 22, 2007 - Pan 0.121: "Dortmunder"
>>
>> I've just added a newsserver that requires authentication and I see that
>> the password is stored in clear text (preferences.xml) in a file with
>> world read access in a directory that has also open access.
>>
>> I've removed read access from all but me but shouldn't this be the
>> default?
>
> Here, my umask is 0027, and servers.xml (preferences.xml doesn't contain
> the password, as that wouldn't really make sense with multiple servers,
> servers.xml contains it) has permissions of 0640 (-rw-r-----). World read
> isn't a problem due to the umask, but group read should be considered
> one, but it's observing the umask.
>
> Still, plain text storage of the password in anything but a user-only
> readable file isn't good. Please file a bug on this, then post the link
> or bug number here and I'll second it.
>
Yes of course it was servers.xml, here's a pointer to the filed bug
http://bugzilla.gnome.org/show_activity.cgi?id=401087
After some thought I filed it as cosmetic, though maybe I should have put
it down as loss of data as it has ended up with a severity of 'trivial'(!)
Robert
--
Links and things http://rmstar.blogspot.com/
Robert Marshall
Re: [Pan-users] ANN: Pan 0.121 "Dortmunder", Darren Albers, 2007/01/26