Skip to content
This repository has been archived by the owner on Apr 12, 2022. It is now read-only.

Don't store password (WCM is insecure) #14

Closed
michaelsanford opened this issue Feb 13, 2019 · 0 comments
Closed

Don't store password (WCM is insecure) #14

michaelsanford opened this issue Feb 13, 2019 · 0 comments
Assignees
@michaelsanford
Labels
security Security-related
Milestone
1.0.0 - Flying Snow

Comments

@michaelsanford
Copy link
Owner

michaelsanford commented Feb 13, 2019
edited
Loading

It turns out the WCM is not even remotely a secure password store.

So passwords are not safe, hashes and such you verify to lock something are not safe. It's not safe, it's a piece of garbage and I've struggled for a long time to understand its usefulness.

Don't persist the user's Bitbucket password -- just ask for it every session.
@michaelsanford michaelsanford added mvp security Security-related labels Feb 13, 2019
@michaelsanford michaelsanford added this to the 0.5.0 "Flying Snow" milestone Feb 13, 2019
@michaelsanford michaelsanford self-assigned this Feb 13, 2019
@michaelsanford michaelsanford changed the title Encrypt payload stored in Windows Credential Manager Encrypt credentials, move storage from Windows Credential Manager to Registry Feb 14, 2019
@michaelsanford michaelsanford changed the title Encrypt credentials, move storage from Windows Credential Manager to Registry Encrypt credentials stored in WCM Feb 15, 2019
@michaelsanford michaelsanford changed the title Encrypt credentials stored in WCM Don't store password (WCM is insecure) Feb 16, 2019
@michaelsanford michaelsanford mentioned this issue Jun 17, 2019
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@michaelsanford michaelsanford

Labels
security Security-related
Projects
None yet
Milestone
1.0.0 - Flying Snow
Development

No branches or pull requests
1 participant
@michaelsanford