This is a significant security issue: when the target directory is on a
remote site via ssh, not only is the remote password stored in plain
text in the config file (maybe that's okay), it is emailed (to root,
which is then under standard ubuntu installation forwarded on to some
major user) upon every successful backup. This email could be forwarded
on to someone's non-local email address, or seen by other users, etc ---
not conventionally accceptable!
this should be an easy fix: replace the password with **** in all email
notifications.
** Changed in: sbackup (Ubuntu)
Status: Unconfirmed => Confirmed
--
Display password in cleartext
https://bugs.launchpad.net/bugs/113864
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
