search

ing156 / vacuum-im

Automatically exported from code.google.com/p/vacuum-im
GNU General Public License v3.0
0 stars 0 forks source link

Account Passwords stored in open plaintext file #851

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Как можно воспроизвести проблему?
What steps will reproduce the problem?
1. Create an account on some jabber server using vacuum-im nightly
2. go to %user%\AppData\Roaming\JRuDevels\VacuumIM\recent\
3. look in the xml file(s) ;-)

Какой результат вы ожидаете?
Что вы видите вместо этого?
What is the expected output?

For it to be encrypted, at least using AES 256 with the profile password.

What do you see instead?

It's readable by anyone with access to your HD.

Какую версию Vacuum-IM вы используете?
На какой операционной системе?
What version of the Vacuum-IM are you using?

latest nightly, but also the case with stable.

On what operating system?

Windows 7 x64.

Какая версия Qt у вас установлена?
What version of the Qt are you using?

4.8.6

Представьте любую дополнительную
информацию ниже.
Please provide any additional information below.

Storing passwords unencrypted doesn't have to be a problem if you allow us to 
store the entire profile/dir on an encrypted volume (like with DiskCryptor or 
TrueCrypt).
I don't see that option anywhere.

\AppData\Roaming\JRuDevels\VacuumIM\ needs to be a config set dir, so we can
change it to
some-encrypted-mounted-volume\JRuDevels\VacuumIM\

Original issue reported on code.google.com by jul...@gmail.com on 23 Mar 2015 at 10:56

GoogleCodeExporter commented 8 years ago 
> go to %user%\AppData\Roaming\JRuDevels\VacuumIM\recent\
In this folser only recent contacts are stored, accounts with encrypted 
passwords are stored in %user%\AppData\Roaming\JRuDevels\VacuumIM\profile. In 
recent contacts only passwords to conferences can be stored in plain text.

You can move VacuumIM folder from %user%\AppData\Roaming\JRuDevels to any 
directory:
1) By passing command line parameter "-h <base-dir>": vacuum.exe -h c:\encrypted
2) By adding parameter "DataPath" to 
%user%\AppData\Roaming\JRuDevels\VacuumIM.ini: DataPath = "c:\encrypted"

Original comment by potapov.s.a on 24 Mar 2015 at 6:19

GoogleCodeExporter commented 8 years ago

Original comment by potapov.s.a on 24 Mar 2015 at 6:20

GoogleCodeExporter commented 8 years ago 
fixed in r2502
Recent conferences passwords now saved with encryption.

Original comment by potapov.s.a on 25 Mar 2015 at 9:43