Ari Pollak wrote: > How do you propose storing the passwords? The permissions on the logjam > directory are not world readable, so only your user or root should be able > to access the passwords. > > Stephanie Erin Daugherty wrote: >> Package: logjam >> Version: 4.5.3-1+b1 >> Severity: normal >> >> Application stores account passwords in plaintext.
A couple of ways to address this. One would be using a "master" password to encrypt the configuration, or that part of the configuration. Another would be to integrate with a running "wallet" service under Gnome or KDE if it's available, downside to this is that I don't think there's a standardized method for secure password storage common to both KDE and Gnome, and that still leaves uses of other environments out in the cold. Another would be to simply remove the option to store the password. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
