Plain text config file

[hagabaka]

Currently the config file consists of Qt serializations of setting data, which is not humanly readable or editable. It would be nice to use plain text in the config file. It should be implementable using QSettings's "array" support.

As benefits of this change, users can quickly add their networks and channels without using Communi's UI. New settings can be added without necessarily being shown in the UI, which may be useful for plugins or uncommon features.

The only drawback is stored passwords will be plainly visible too, but Qt serialization doesn't really provide secrecy anyway, and a good solution for that would be to use encrypted storage for passwords.

[Venemo]

@hagabaka Do you have a suggestion about that encrypted storage?

[hagabaka]

What about QtKeychain?

QtKeychain is a Qt API to store passwords and other secret data securely. How the data is stored depends on the platform:

• Mac OS X: Passwords are stored in the OS X Keychain.
• Linux/Unix: If running, GNOME Keyring is used, otherwise qtkeychain tries to use KWallet (via D-Bus), if available.
• Windows: By default, the Windows Credential Store is used (requires Windows 7 or newer). Pass -DUSE_CREDENTIAL_STORE=OFF to cmake use disable it. If disabled, QtKeychain uses the Windows API function CryptProtectData to encrypt the password with the user's logon credentials. The encrypted data is then persisted via QSettings.

[Venemo]

@hagabaka Sounds nice. Let's deal with secure passwords in #125 and talk about the plain text config file. What exactly are you proposing? Simply put a QMap<QString, QVariant> into QSettings? Would that store the stuff in plain text?

[Venemo]

One more issue here: we would need to take care of users updating from earlier versions so that they don't lose their settings.