Venkatasamy,Venkat wrote:
> The helpdesk support team will have local admin access in all the
> computers. The members will be able to access the profile folders for
> all users. In this case, I belive this is a not a secure solution.
Local administrator access in itself, even to the server on whi
age-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Luke Schierer
> Sent: Monday, March 17, 2008 5:27 PM
> To: support@pidgin.im
> Subject: Re: Password encryption
>
> David Balazic wrote:
> > Hi!
> >
> > No, there is a misunderst
David Balazic wrote:
Hi!
No, there is a misunderstanding. I talked about 2 (more or
less separate) things:
- protecting the stored passwords
The simplest way for this is enabling the Encryption in Windows
on the .purple directory. This is as good as it gets. The only
more secure way is not to
EMAIL PROTECTED] On Behalf Of Luke Schierer
Sent: Monday, March 17, 2008 4:51 PM
To: support@pidgin.im
Subject: Re: Password encryption
David Balazic wrote:
Yes, but hiding it still has a purpose.
Imagine this:
- you open the config file in editor (for whatever purpose)
- someone walks by and sees
Monday, March 17, 2008 4:51 PM
> To: support@pidgin.im
> Subject: Re: Password encryption
>
> David Balazic wrote:
> > Yes, but hiding it still has a purpose.
> >
> > Imagine this:
> > - you open the config file in editor (for whatever purpose)
> > - someone
David Balazic wrote:
Yes, but hiding it still has a purpose.
Imagine this:
- you open the config file in editor (for whatever purpose)
- someone walks by and sees your stored password
A good and simple way to avoid this is:
- pidgin creates a secret key and stores it by itself into a file
-
alazic; support@pidgin.im
> Subject: Re: Password encryption
>
> On Mon, Mar 17, 2008 at 07:57:14AM -0400, Venkatasamy,Venkat wrote:
>
> > i would like to hash the password so it should not be
> visible even to
> > the user who stores the password.
>
> Hashing th
On Mon, Mar 17, 2008 at 07:57:14AM -0400, Venkatasamy,Venkat wrote:
> i would like to hash the password so it should not be visible even to
> the user who stores the password.
Hashing the password doesn't make it not visible to people, it just makes
the hash visible instead of the plaintext versi
Hi
Venkatasamy,Venkat wrote:
> [... securing .purple]
> The helpdesk support team will have local admin access in all the
> computers. The members will be able to access the profile folders for
> all users. In this case, I belive this is a not a secure solution.
No matter how you "encrypt" your
, 2008 2:52 PM
To: David Balazic; Peter Robev
Cc: support@pidgin.im
Subject: RE: Password encryption
The helpdesk support team will have local admin access in all
the computers. The members will be able to access the profile folders
for all users. In
, March 17, 2008 9:49 AM
To: Venkatasamy,Venkat; Peter Robev
Cc: support@pidgin.im
Subject: RE: Password encryption
Of course.
YOU can read it.. Noone else can.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Venkatasamy,Venkat
Sent
Subject: RE: Password encryption
I tried encrypting the .purple folder and tested saving my
password in the IM client. When I opened the accounts.xml I found my
password uncrypted.
From: David Balazic [mailto:[EMAIL PROTECTED
Robev
Cc: support@pidgin.im
Subject: RE: Password encryption
It _IS_ secure. This is not some "I wrote it during the weekend"
encryption.
It is real, tried and tested encryption.
David
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
8 12:57 PM
To: Peter Robev; David Balazic
Cc: support@pidgin.im
Subject: RE: Password encryption
This is not going to help to solve the issue. I belive David
refers to encrypting the .purple directory. But local administrators of
the computer will
visible even to
the user who stores the password.
From: Peter Robev [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 15, 2008 9:55 AM
To: David Balazic
Cc: Venkatasamy,Venkat; support@pidgin.im
Subject: Re: Password encryption
??
Where do you see that
See picture.
From: Peter Robev [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 15, 2008 2:55 PM
To: David Balazic
Cc: Venkatasamy,Venkat; support@pidgin.im
Subject: Re: Password encryption
nt:* Fri 14-Mar-08 17:54
> *To:* support@pidgin.im
> *Subject:* Password encryption
>
>
> We came to know that Pidgin does not encrypt the users' password when
> they choose "Remember Password" options in the accounts windows.
>
> Is there any workaround for thi
File(Directory) Properties / Advanced ... / Encrypt contents to secure data
From: [EMAIL PROTECTED] on behalf of Venkatasamy,Venkat
Sent: Fri 14-Mar-08 17:54
To: support@pidgin.im
Subject: Password encryption
We came to know that Pidgin does not encrypt the
On Fri, 14 Mar 2008 12:54:04 -0400, Venkatasamy,Venkat wrote
> We came to know that Pidgin does not encrypt the users' password when
> they choose "Remember Password" options in the accounts windows.
>
> Is there any workaround for this as this will be security issue in
> any organization as loca
On Fri, Mar 14, 2008 at 12:54:04PM -0400, Venkatasamy,Venkat wrote:
>
> We came to know that Pidgin does not encrypt the users' password when
> they choose "Remember Password" options in the accounts windows.
>
> Is there any workaround for this as this will be security issue in any
> organization
We came to know that Pidgin does not encrypt the users' password when
they choose "Remember Password" options in the accounts windows.
Is there any workaround for this as this will be security issue in any
organization as local administrators having access to the .purple
folder.
Thanks
Venkat
21 matches
Mail list logo