Bug#361913: linphone: passwords stored world-readable
Samuel Mimram
samuel.mimram at ens-lyon.org
Fri Apr 21 15:39:33 UTC 2006
Hi,
Simon Morlat wrote:
> Any ideas on an api to store password in an encrypted manner ?
> The .gnome2/ tree is (as far as I understand) outdated since gconf is being
> used.
> I would prefer those password to be stored encrypted by linphone itself, since
> the linphone engine is independant from gnome/kde or whatever.
I don't think encryption is needed here. A configuration file chmoded
with proper permissions should be enough...
> Le Mercredi 12 Avril 2006 01:11, Samuel Mimram a écrit :
>> Lionel Elie Mamane wrote:
>>> The accounts information, including CLEAR-TEXT passwords, is stored in
>>> $HOME/.gnome2/linphone, which is by default world-readable. It should
>>> be in $HOME/.gnome2_private/linphone (or any other path below
>>> $HOME/.gnome2_private/), where it will be safe, since
>>> $HOME/.gnome2_private/ is mode 0700.
>> Argh. Thanks for noticing this. I'll try to come up with a patch soon.
More information about the Pkg-voip-maintainers
mailing list