[Melbourne-pm] Obfuscating passwords in configurations
Scott Penrose
scottp at dd.com.au
Thu Dec 2 03:11:58 PST 2010
On 02/12/2010, at 9:40 PM, Shlomi Fish wrote:
> How do you know that they do that? Please cite it. I've looked into the
> contents of ~/.subversion/auth/svn.simple/ and the passwords are stored there
> in plaintext, completely unencrypted. Note that Subversion has an option to
> use the KDE or GNOME password managers, which is more secure (but possibly
> less convenient).
You are correct - I was wrong about Subversion. CVS did it, but SVN does not.
Some other examples that do it:
* Opera
* IE
* Firefox
That last one I wasn't sure on, but sure enough it does. Obviously you can easily unencrypt in the browser :-)
My viewing of my apps shows me that more applications do obfuscate than not.
I did a search for my common passwords across my system, and did not find too many cases.
Scott
More information about the Melbourne-pm
mailing list