Hello,
First, thank you for your hard work in this addon. I have been using it for a few days and it is really nice!!
The only bad thing I see about it is sadly a serious one. I downloaded the debug log and to my surprise there it was, my server's password.
A simple grep -r mypass in the ~/.mozilla folder showed me that any agent that manages read access to this folder will immediately gain access to my private cloud where I store all my sensitive private information.
What would be the best way to grant access without storing the password in plain text? Maybe the user could be required to generate a random tokens to decrypt the password that then would only be unencrypted in memory before being sent through HTTPS.
Thoughts?
Hello,
First, thank you for your hard work in this addon. I have been using it for a few days and it is really nice!!
The only bad thing I see about it is sadly a serious one. I downloaded the debug log and to my surprise there it was, my server's password.
A simple
grep -r mypassin the~/.mozillafolder showed me that any agent that manages read access to this folder will immediately gain access to my private cloud where I store all my sensitive private information.What would be the best way to grant access without storing the password in plain text? Maybe the user could be required to generate a random tokens to decrypt the password that then would only be unencrypted in memory before being sent through HTTPS.
Thoughts?