Robert Marshall <[EMAIL PROTECTED]> posted [EMAIL PROTECTED], excerpted below, on Fri, 26 Jan 2007 13:22:31 +0000:
> On Mon, 22 Jan 2007, Charles Kerr wrote:
>
>> January 22, 2007 - Pan 0.121: "Dortmunder"
>
> I've just added a newsserver that requires authentication and I see that
> the password is stored in clear text (preferences.xml) in a file with world
> read access in a directory that has also open access.
>
> I've removed read access from all but me but shouldn't this be the default?

Here, my umask is 0027, and servers.xml (preferences.xml doesn't contain the password, as that wouldn't really make sense with multiple servers, servers.xml contains it) has permissions of 0640 (-rw-r-----). World read isn't a problem due to the umask, but group read should be considered one, but it's observing the umask. Still, plain text storage of the password in anything but a user-only readable file isn't good.

Please file a bug on this, then post the link or bug number here and I'll second it.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

_______________________________________________
Pan-users mailing list
Pan-users@nongnu.org
http://lists.nongnu.org/mailman/listinfo/pan-users
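
The umask behaviour described in the reply above, next to owner-only creation of a secret-bearing file, as an added example that is not part of the original post and is not Pan's code. The function names and the demo file names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path (e.g. 0640), or -1 on error. */
int file_mode(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 07777);
}

/* Generic creation: ask for 0666, as fopen(path, "w") does, so the
 * umask alone decides who can read the result. Returns the mode. */
int create_default(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    close(fd);
    return file_mode(path);
}

/* Secret-bearing file: ask for 0600, then fchmod before any data is
 * written, so a pre-existing, wider file is tightened as well. */
int create_private(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) { close(fd); return -1; }
    close(fd);
    return file_mode(path);
}

/* Audit check: 1 if group or other has any access, 0 if owner-only. */
int is_exposed(const char *path) {
    int m = file_mode(path);
    return m < 0 ? -1 : (m & (S_IRWXG | S_IRWXO)) != 0;
}

int main(void) {
    const char *loose = "pan_demo_default.xml";   /* constructed names */
    const char *tight = "pan_demo_private.xml";
    umask(0027);                                  /* the umask from the post */
    unlink(loose); unlink(tight);
    int dm = create_default(loose), pm = create_private(tight);
    printf("default: %04o exposed=%d\n", (unsigned)dm, is_exposed(loose));
    printf("private: %04o exposed=%d\n", (unsigned)pm, is_exposed(tight));
    unlink(loose); unlink(tight);
    return 0;
}
```

Run it in a scratch directory; the two demo files are created there and removed again.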