On Fri, 26 Jan 2007, Duncan wrote:

> Robert Marshall
> <[EMAIL PROTECTED]>
> posted [EMAIL PROTECTED],
> excerpted below, on  Fri, 26 Jan 2007 13:22:31 +0000:
> 
>> On Mon, 22 Jan 2007, Charles Kerr wrote:
>> 
>>> January 22, 2007 - Pan 0.121: "Dortmunder"
>> 
>> I've just added a newsserver that requires authentication and I see that
>> the password is stored in clear text (preferences.xml) in a file with
>> world read access in a directory that also has open access.
>> 
>> I've removed read access from all but me but shouldn't this be the
>> default?
> 
> Here, my umask is 0027, and servers.xml (preferences.xml doesn't contain
> the password, as that wouldn't really make sense with multiple servers,
> servers.xml contains it) has permissions of 0640 (-rw-r-----). World read
> isn't a problem due to the umask, but group read should be considered
> one, but it's observing the umask.
> 
> Still, plain text storage of the password in anything but a user-only
> readable file isn't good.  Please file a bug on this, then post the link
> or bug number here and I'll second it.
> 

Yes, of course it was servers.xml. Here's a pointer to the filed bug:

http://bugzilla.gnome.org/show_activity.cgi?id=401087

After some thought I filed it as cosmetic, though maybe I should have put
it down as loss of data as it has ended up with a severity of 'trivial'(!)


Robert
-- 
Links and things http://rmstar.blogspot.com/
Robert Marshall


_______________________________________________
Pan-users mailing list
Pan-users@nongnu.org
http://lists.nongnu.org/mailman/listinfo/pan-users
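
The thread above turns on the fact that a file created without an explicit mode inherits whatever the umask allows (0640 under umask 0027, as reported). The following C sketch is an added example, not part of the thread and not Pan's code; it contrasts a umask-dependent save with an owner-only save and adds a check for group/other bits. The function names `exposed_bits`, `save_default` and `save_private` are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits that group and other hold on path, or -1 on error. */
int exposed_bits(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & (S_IRWXG | S_IRWXO));
}

/* Umask-dependent save: fopen() asks for 0666 and the umask decides the
 * rest, so umask 0027 yields 0640 and umask 0022 yields 0644. */
int save_default(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    int ok = fputs(data, f) >= 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Owner-only save: ask for 0600 explicitly, then atomically replace any
 * older copy that was written with looser permissions. */
int save_private(const char *path, const char *data)
{
    char tmp[4096];
    size_t len = strlen(data);
    if (snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp) return -1;
    unlink(tmp);                               /* drop a stale temp file */
    /* O_EXCL: fail rather than reuse an existing file or follow a symlink */
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int ok = fchmod(fd, 0600) == 0             /* exact mode, whatever the umask */
          && write(fd, data, len) == (ssize_t)len
          && fsync(fd) == 0;
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp, path) != 0) { unlink(tmp); return -1; }
    return 0;
}
```

Because the private copy is written to a temporary file and renamed into place, a file previously saved as 0640 or 0644 ends up 0600 without a window in which the new contents are readable by others.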
