Ubuntu QA:

Idea #10065: Let Pidgin use Gnome keyring for storing passwords


Written by hagnf the 19 Jun 08 at 20:17. Category: Security.
Related to: Nothing/Others. Status: New
Description
Pidgin saves account passwords in plain text (check the contents of ~/.purple/accounts.xml).

Saving passwords in plain text is wrong! The Gnome keyring is a perfect replacement for this insecure method and should be used.


Comments
Steeley wrote on the 19 Jun 08 at 21:56
It's listed as a potential Summer Of Code idea.

http://developer.pidgin.im/wiki/FutureSOCProjects

"Master Password Support for Multiple Platforms

An implementation of plugin(s) (in addition to the appropriate architecture modifications where applicable) to support gnome-keyring, kwallet, apple-keychain, and/or keepass."


francois wrote on the 20 Jun 08 at 06:11
This MUST be fixed

eapache wrote on the 20 Jun 08 at 13:59
I didn't realize that they used plain text for passwords! This has to be fixed ASAP.

In the meantime, can anyone suggest an alternative multi-messenger that encrypts passwords? I'm not using Pidgin until this is fixed.

Auzy wrote on the 20 Jun 08 at 14:02
Just don't store your password, Eapache. There is no really secure way to store a password.

joethebarber wrote on the 21 Jun 08 at 01:53
http://developer.pidgin.im/wiki/PlainTextPasswords

I'd argue that some security is better than none, and that while some halfassed encryption won't stop someone with skill and malicious intent, it will protect against some prying eyes.

The Firefox approach works well, too.

ben.wade wrote on the 1 Jul 08 at 20:35
Aren't passwords for most IM protocols sent in plain text anyway? If you store the passwords in the Keyring, then you're protecting them from someone that has access to your filesystem, but not someone that is listening to your internet traffic - and it's the latter that seems more likely.

ilembitov wrote on the 1 Jul 08 at 22:32
Great idea. All the programs in Ubuntu default software set should be integrated as deeply as possible.

natureflow wrote on the 2 Jul 08 at 19:34
http://brainstorm.ubuntu.com/idea/4728/

Dauerbaustelle wrote on the 8 Jul 08 at 20:34
ACK

ImGonnaChangeit wrote on the 10 Jul 08 at 02:39
I can't believe even on Hardy this is not fixed. I checked and lo and behold my passwords were sitting there in easy-to-read XML format....

csahin wrote on the 10 Jul 08 at 20:58
I can't believe that Pidgin developers try to justify that storing passwords as plain text is justifiable. They don't even announce that the password is stored as plain text in the accounts window!

boga wrote on the 14 Jul 08 at 07:26
In an ideal world where Gnome keyring works flawlessly, of course it would be better to store encrypted passwords in the Gnome keyring. However, having had some experience with Gnome keyring while trying to make it work with Network manager on my Eee in Hardy, I'd rather have an unencrypted plain text ICQ password on my hard disk than have to retype the ICQ and keyring password each time it reconnects.

