Mail notification and dynamic domain passwords stored in plain text in qBittorrent.conf file #6726

Closed
FranciscoPombal opened this issue May 2, 2017 · 4 comments

Comments

@FranciscoPombal
Member

FranciscoPombal commented May 2, 2017

Please provide the following information

qBittorrent version and Operating System:

qbittorrent: 3.3.12-0ppa1~xenial
OS: Ubuntu Server 16.04.2 amd64

If on linux, libtorrent and Qt version:

libtorrent: 1.0.11+git20172002.ecd20f15cb-1ppa1~xenial1
Qt: 5.5.1+dfsg-16ubuntu7.2

What is the problem:

The mail notification and dynamic domain passwords are stored in plain text in qBittorrent.conf file.

What is the expected behavior:

The passwords should be hashed, like the WebUI password

Steps to reproduce:

  • Install qbittorrent
  • Set up WebUI
  • In the WebUI, configure mail notifications and/or dynamic host updates
  • Check qBittorrent.conf file

Extra info(if any):

N/A

@Chocobo1
Member

Chocobo1 commented May 12, 2017

AFAIK there is only one way to secure the passwords:

  • Set up 1 master password for all stored passwords.
    qbt then must query the user for the master password on every startup or password usage (like the Linux command sudo).
    I doubt users will like this idea. Or someone please point out a viable solution.

Just to clarify, the current way of storing WebUI password isn't really secure, don't get a false sense of security on this.

Personal rant... I don't think a (simple) torrent downloader should become a (secure) passwords managing program...

@zeule
Contributor

zeule commented May 12, 2017

If we go to a platform-specific solution, we may use secret storage provided by the environment, e.g. KWallet, DPAPI, Gnome keyring...

@Balls0fSteel

Encrypting the data would only make a sysadmin's life harder. Simply setting up user permissions properly is the way to go (IMO). As others said at that ticket there is really no good way to handle this. Hashing them like the WebUI would only give a false sense of security.

@evsh Sadly, none of them is available on all distros. Targeting one or making one as dependency may break the pre-installed/set-up, other key manager on the system. There is really no good approach to this.
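
The file-permission approach suggested in the comment above, as an added example that is not part of the original thread or qBittorrent's own code: a Python audit that flags a config file holding plaintext secrets when it is accessible to group or others, owned by a different user, or located in a directory that others can write to. The file path is supplied by the caller, and the function names `audit_secret_file` and `harden` are hypothetical.

```python
import os
import stat
import sys


def audit_secret_file(path):
    """Return a list of findings for a config file that holds plaintext secrets."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        # Mode bits of a symlink say nothing about the file it points to.
        findings.append("path is a symlink; audit the target instead")
        return findings
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != os.geteuid():
        findings.append(f"owned by uid {st.st_uid}, not the current user")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants access to group/others")
    # A directory writable by others lets them replace the file outright.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if stat.S_IMODE(parent.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory is writable by group/others")
    return findings


def harden(path):
    """Restrict the file to owner read/write (0600)."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


if __name__ == "__main__":
    # The operator supplies the path; this example does not assume where
    # the qBittorrent.conf file lives on a given system.
    target = sys.argv[1]
    for finding in audit_secret_file(target):
        print(f"{target}: {finding}")
```

Owner-only permissions do not protect the passwords from root or from other processes running as the same user.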

@sledgehammer999
Member

This issue has been closed and locked for being too old, and thus either most likely resolved in recent versions or no longer applicable.
If you experience the reported problem or similar in the latest version, please open a new issue report with the requested information in the issue template.

A new issue report with relevant updated data gathered from the latest version is preferable to necroing an old report with a comment like "still happens in version x.y.z", even if you think the bug is the same, or suspect a regression.
Due to the changes made to the qBittorrent code and its dependencies over time, the exact cause of your problem could be totally different than the original one, despite the visible symptoms of the bug being similar.
Thus, providing relevant updated information is crucial to find and fix the root cause of a recurrent problem or regression.

Thank you for your contributions.

@qbittorrent qbittorrent locked and limited conversation to collaborators Oct 29, 2020