-
-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mail notification and dynamic domain passwords stored in plain text in qBittorrent.conf file #6726
Comments
AFAIK there is only one way to secure the passwords:
Just to clarify, the current way of storing WebUI password isn't really secure, don't get a false sense of security on this. Personal rant... I don't think a (simple) torrent downloader should become a (secure) passwords managing program... |
If we go to platform-specific solution, we may use secret storage provided by environment, e.g. KWallet, DPAPI, Gnome keyring... |
Encrypting the data would only make a sysadmin's life harder. Simply setting up user permissions properly is the way to go (IMO). As others said at that ticket there is really no good way to handle this. Hashing them like the WebUI would only give a false sense of security. @evsh Sadly, none of them is available on all distros. Targeting one or making one as dependency may break the pre-installed/set-up, other key manager on the system. There is really no good approach to this. |
This issue has been closed and locked for being too old, and thus either most likely resolved in recent versions or no longer applicable. A new issue report with relevant updated data gathered from the latest version is preferable to necroing an old report with a comment like "still happens in version x.y.z", even if you think the bug is the same, or suspect of a regression. Thank you for your contributions. |
Please provide the following information
qBittorrent version and Operating System:
qbittorrent: 3.3.12-0ppa1~xenial
OS: Ubuntu Server 16.04.2 amd64
If on linux, libtorrent and Qt version:
libtorrent: 1.0.11+git20172002.ecd20f15cb-1ppa1~xenial1
Qt: 5.5.1+dfsg-16ubuntu7.2
What is the problem:
The mail notification and dynamic domain passwords are stored in plain text in qBittorrent.conf file.
What is the expected behavior:
The passwords should be hashed, like the WebUI password
Steps to reproduce:
Extra info(if any):
N/A
The text was updated successfully, but these errors were encountered: