severity 336099 whishlist
thanks
Helo Jari,
Jari Aalto wrote:
Package: centericq
Version: 4.21.0-3
Severity: important
All the passwords are saved as plaintext into the configuration file.
This is high security risk that is not obvious from the the "g"
menu which displays "****" in place of these items.
Please offer encryption of the configuration file, which is unlocked
at the initial start of centericq. Even using crypt(1) for encryption
is better than no security at all.
This is a feature request that have already been explained on
centericq mailing list in 2003 [1]. Restricting permission seems to
be enough for many people [2].
[1]
http://66.249.93.104/search?q=cache:BeBs98QDl6cJ:linux.cgs.pl/cicq/2003-01/0013.html+centericq+%22config+encryption%22+.centericq/config&hl=fr
[2] http://mailman.linuxpl.org/pipermail/cicq/2005-July/004206.html
Best Regards.
Julien Lemoine
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
