I think the problem is a bit more acute in Windows because of easier access to malware, although it can't be underestimated in Linux.

On Jan 18, 2008 12:03 PM, Bipin Gautam <[EMAIL PROTECTED]> wrote:
>
> in Windows too Pidgin stores the plain text password in
> %userprofile%\../.purple/ folder in plain text with all email of
> your contacts and when uninstalled doesn't clear the folder and password
> file.
>
> IM contacts stored locally can be used by malware to SPAM is a long known
> issue
>
> but as the password is stored under your home directory the FS
> permission should take care of security, though in corporate
> environment this might be a little problem. other apps that have an option
> to store password also store password in encoded form anyways.
>

There are some other applications but I really believe that Pidgin should at least have some option for people to choose. I was taken a bit by surprise that they do so for the Windows environment too.

>
> in Windows you could use the default encrypted file system feature and
> transparently encrypt the folder same goes with *nix system....
> encrypt your home directory.
>

AFAIK, NTFS's encryption system is pretty good but a general user barely uses that and it can be a rather serious flaw when it comes down to the average Joe's computer full of games and spams and stuff... it can be an enticing target to some malware makers.

>
> better option is to remember your IM password instead of storing it as
> it could float around in unallocated space of your hdd even long after
> deleted!
>

Oh yeah. It has been long known that some applications do save some stuff in the registry and in that respect Pidgin does a better job when you uninstall it, at least you don't have the fear of easy access from the registry... although you can still access a deleted file from an unencrypted drive (if you know where to look for :) not too sure people would bother to do that.

>
> On Jan 18, 2008 12:30 AM, Prasanna Gautam <[EMAIL PROTECTED]> wrote:
> > Did you guys know that Pidgin saves all your passwords in plaintext? :) good stuff, eh?
> > http://developer.pidgin.im/wiki/PlainTextPasswords
> > Here's the reason why.
> > If you want to look at it... it's at $HOME/.purple/accounts.xml
> > I'd also like to give a solution to this that I came across.
> > http://www.ubuntugeek.com/fix-for-master-password-expose-for-pidgin.html
> >
> > Have a nice day,
> > Prasanna Gautam

--
FOSS Nepal mailing list: foss-nepal@googlegroups.com
http://groups.google.com/group/foss-nepal
To unsubscribe, e-mail: [EMAIL PROTECTED]
Community website: http://www.fossnepal.org/
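
An audit of the file discussed in this thread, as an added example that is not part of the original messages or of Pidgin: it reports which accounts in an `accounts.xml` carry a saved password (without ever outputting the password) and whether the file's POSIX mode lets anyone but the owner touch it. The element layout (`<account>` entries with `<protocol>`, `<name>`, `<password>` children) and the sample data are assumptions constructed for the example.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample in the assumed accounts.xml layout; not real credentials.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/Home</name>
    <password>not-a-real-password</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.org</name>
  </account>
</account>
"""

def audit_accounts(path):
    """Return file mode, group/other exposure, and accounts with a saved password."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # POSIX mode bits only; on Windows the NTFS ACL must be reviewed separately.
    exposed = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    saved = []
    for acct in ET.parse(path).getroot().iter("account"):
        name = acct.findtext("name")
        if name is None:  # the root element is also named <account>
            continue
        if (acct.findtext("password") or "").strip():
            saved.append((acct.findtext("protocol"), name))  # never the secret
    return {"mode": oct(mode), "readable_by_others": exposed, "saved_passwords": saved}

def demo():
    """Audit the sample once with a loose mode and once restricted to the owner."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "accounts.xml")
        with open(path, "w", encoding="utf-8") as f:
            f.write(SAMPLE)
        os.chmod(path, 0o644)
        before = audit_accounts(path)
        os.chmod(path, 0o600)
        after = audit_accounts(path)
    return before, after

if __name__ == "__main__":
    for report in demo():
        print(report)
```

To check a real profile, call `audit_accounts(os.path.expanduser("~/.purple/accounts.xml"))`, the location given in the thread.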