Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Netscape Communicator 4.x sensitive informations in configuration file
From: Neil Dickey <neil () geol niu edu>
Date: Fri, 28 Feb 2003 12:41:13 -0600 (CST)

Marc Ruef <marc.ruef () computec ch> wrote:

The following paste shows the IMAP mail part of this configuration file.
You can see that the line 17 shows the unencrypted password

[ ... Snip ... ]

user_pref("mail.imap.server.imap.computec.ch.password", "MyPassword4");
user_pref("mail.imap.server.imap.computec.ch.remember_password", true);

I notice from the line immediately following that you have the package
remember your password.  It's been my understanding that doing so is
bad practice because that's just the sort of thing that someone probing
your system would very likely be looking for.  Certainly if you save
your password only in your head, then whether or not the program stores
it in the clear is a moot question.  ;-)

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]