Re: Bug#253700: konqueror history exposure of username and password
El Jueves, 10 de Junio de 2004 21:57, Kevin Krammer escribió: > It still shouldn't display the password part, there was a fix for that in > bookmark handling if memory serves me right. > > I think it is a valid bug report concerning security. If you type: $ mysqladmin -u root -psecret Then it's stored on .bash_history (if using bash, of course), and another user can see it pressing the up cursor. IMHO, if you type a password in clear, you're exposed to that kind of things. ;-) -- Alex (a.k.a. suy) - GPG ID 0x0B8B0BC2 http://darkshines.net/ - Jabber ID: [EMAIL PROTECTED]
Bug#253700: konqueror history exposure of username and password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eike "zyro" Sauer wrote: | What aboubt public surf stations? Rule #1: Don't use Passwds in URLs in public surfstations ;-) But you're right it should be removed imho - -- Bye, ~ Patrick Cornelissen ~ http://www.p-c-software.de ~ ICQ:15885533 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAyORs4/Hplayn3Y8RAuyFAJ4799Mk4Wt2bIBwA/oVDjwDRoR2HQCfUQ5s iZQuqqzA+FW2kurzOu1WvE0= =Bo7e -END PGP SIGNATURE-
Re: Bug#253700: konqueror history exposure of username and password
Stephen Gran schrieb: > You understand that linux is a _multi-user_ OS. What aboubt public surf stations? Ciao, Eike
Re: Bug#253700: konqueror history exposure of username and password
On Thursday 10 June 2004 21:02, Stephen Gran wrote: > This one time, at band camp, Jean Darcoux said: > > Package: konqueror > > Version: 4:3.2.2-1 > > Severity: important > > Tags: security sarge > > > > If you enter an URL like > > > > ftp://USER:[EMAIL PROTECTED] > > > > in the URL bar and type enter. The next time you will type the same URL, > > you will see that the username and the password will be autocompleted. > > This indicate that they are stored somewhere on your computer. This can > > be a security problem in the case of a shared computer. > > You understand that linux is a _multi-user_ OS. So, setup seperate user > accounts, so that each person can have each of their settings and > history kept private. This information is most likely stored in the > users ~/.kde/, which is not world-readable here. It still shouldn't display the password part, there was a fix for that in bookmark handling if memory serves me right. I think it is a valid bug report concerning security. Cheers, Kevin pgpjFEjP2ry3Q.pgp Description: signature
Bug#253700: konqueror history exposure of username and password
This one time, at band camp, Jean Darcoux said: > Package: konqueror > Version: 4:3.2.2-1 > Severity: important > Tags: security sarge > > If you enter an URL like > > ftp://USER:[EMAIL PROTECTED] > > in the URL bar and type enter. The next time you will type the same URL, > you will see that the username and the password will be autocompleted. This > indicate that they are stored somewhere on your computer. This can be a > security problem in the case of a shared computer. You understand that linux is a _multi-user_ OS. So, setup seperate user accounts, so that each person can have each of their settings and history kept private. This information is most likely stored in the users ~/.kde/, which is not world-readable here. HTH, and thanks, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - pgpTh9kpLfgLV.pgp Description: PGP signature
Bug#253700: konqueror history exposure of username and password
Package: konqueror Version: 4:3.2.2-1 Severity: important Tags: security sarge If you enter an URL like ftp://USER:[EMAIL PROTECTED] in the URL bar and type enter. The next time you will type the same URL, you will see that the username and the password will be autocompleted. This indicate that they are stored somewhere on your computer. This can be a security problem in the case of a shared computer. _ MSN Messenger : discutez en direct avec vos amis ! http://messenger.fr.msn.ca/
