List: kmail-devel
Subject: Saving of passwords (Was: Security status)
From: Waldo Bastian <bastian () suse ! de>
Date: 2000-02-06 19:42:38
> Q: How are saved passwords protected?
> Passwords should be saved on disk only when the user explicitly
> says so. If the user later deactivates the function to save the
> password, an already saved password should disappear from the
> configuration files.
>
> A: Passwords are saved in the KMail config file, i.e.
> ~/.kde/share/config/kmailrc. They are not saved as plain text but
> "encrypted" with a simple scrambling algorithm - encrypting these
> passwords in a really secure way is impossible. So your passwords
> are protected mainly by the permissions of your .kde directory, which
> should be set to -rwx------.
>
> If you deselect the "store password" option, the password to that
> account is deleted as soon as you close the "Configure Account"
> dialog (KMAccountSettings::accept()).
>
> If you delete an account, the information (including the password)
> stays in the configuration file (this is a bug). (dnaber,
> 2000-02-04)
For practical purposes I have my ~/.kde/share/config/ directory
world-readable. The permission of config files is determined by the
umask settings, which usually results in something like "-rwxr--r--".
It would be good practice to store passwords in a separate file (e.g.
~/.kde/share/apps/kmail/passwords) and to make sure that this file has
permissions set to 0600.
Cheers,
Waldo
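
The separate 0600 password file suggested in the message above, as an added example that is not part of the original message or of KMail's code: it creates the file owner-only regardless of umask and tightens a file left world-readable by an earlier run. The function names, the scratch directory and the sample data are hypothetical.

```cpp
// Added example: names, paths and data are constructed; this is not KMail code.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

// Write `data` to `path` so that only the owner can read or write it,
// independent of the process umask. Returns 0 on success, -1 on error.
int write_private_file(const std::string &path, const std::string &data) {
    // O_NOFOLLOW: refuse to write through a symlink planted at the path.
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    struct stat st;
    // An existing file may still be 0644: require a regular file we own and
    // tighten it to 0600 before truncating and writing any secret bytes.
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid() ||
        fchmod(fd, 0600) != 0 || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    size_t off = 0;
    while (off < data.size()) {
        ssize_t n = write(fd, data.data() + off, data.size() - off);
        if (n <= 0) { close(fd); return -1; }
        off += static_cast<size_t>(n);
    }
    return close(fd);
}

// Permission bits of `path` (e.g. 0600), or -1 if it cannot be stat'ed.
int permission_bits(const std::string &path) {
    struct stat st;
    if (stat(path.c_str(), &st) != 0) return -1;
    return st.st_mode & 07777;
}

int main() {
    umask(022);  // common default that makes new config files world-readable
    char dir[] = "/tmp/pwdemoXXXXXX";  // constructed scratch directory
    if (!mkdtemp(dir)) return 1;
    std::string path = std::string(dir) + "/passwords";
    int rc = write_private_file(path, "scrambled-password\n");
    std::printf("rc=%d mode=%04o\n", rc, permission_bits(path));
    unlink(path.c_str());
    rmdir(dir);
    return rc == 0 ? 0 : 1;
}
```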