Feature Request - Secure Password Storage #66
Comments
|
Hi, |
|
Please see above referenced pull request. Further changes I would recommend considering:
Not related to the secure password storage but I would also recommend removing the obfuscation of the username (normal & proxy) options. This is not really sensitive like the passwords and if you use a configuration management tool like Chef, Puppet etc then this is a real pain in the neck when generating configuration file templates. If you'd like any further assistance with any of the above please let me know. |
|
Considered stable with latest commit 595d414. |
I had a look at how Nagstamon was storing the password if the save password option is enabled. I noted that the password is stored in an obfuscated form in the config file which is better than plain-text. However, anyone with a moderate understanding of programming would be able to retrieve the password from a config file given that the software is open source.
I modified the source code of my local installed copy to use the Python keyring module. This was a very quick nasty hack (~4 lines of code) but has the password being stored securely on my system keyring implementation which stores the password in encrypted form on the disk using the login password as the key.
It would be useful if this could be properly integrated into the main code base. Keyring implementations exist for Windows, Linux and MacOS. This would obviously need to manage the python dependency and probably fall-back to obfuscated storage if a system keyring implementation is not available. If a keyring implementation is not available then it would probably be beneficial to warn the user so they can choose whether to proceed or not.
The text was updated successfully, but these errors were encountered: