Hello Jari,

Jari Aalto wrote:

| severity 336099 whishlist
| thanks
|
| >Package: centericq
| >Version: 4.21.0-3
| >Severity: important
| >
| >All the passwords are saved as plaintext into the configuration file.
| >This is a high security risk that is not obvious from the "g"
| >menu which displays "****" in place of these items.
| >
| >Please offer encryption of the configuration file, which is unlocked
| >at the initial start of centericq. Even using crypt(1) for encryption
| >is better than no security at all.
| >
| >
|
| This is a feature request that has already been explained on
| centericq mailing list in 2003 [1]. Restricting permission seems to
| be enough for many people [2].

Hi,

Wishlist. Hm, I would consider this a bug for this reason alone:

1) The display "g" should show all in clear text until the encryption is put into place.

Now it gives a false impression of "security", when there is none.

Also, the chmod permission is not enough for passwords, which are
stored on disk. All the files go to the backup, so the design should
be changed ASAP.

Please raise the bug level.

In the meaning of Debian severity, important means "a bug which has a major effect on the usability of a package, without rendering it completely unusable to everyone." [1]. For me, this problem has no major effect on the usability, and is not a bug. It is a feature request for users that need security improvement.

[1] http://www.debian.org/Bugs/Developer#severities

Best Regards
Julien Lemoine


