Bugs item #3065127, was opened at 2010-09-13 02:32
Message generated for change (Settings changed) made by freyther
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=843359&aid=3065127&group_id=167540

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Closed
Resolution: Fixed
>Priority: 6
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Karl Beecher (k_beecher)
Summary: Password stored in plain text

Initial Comment:
The user's password is stored in plain text in the
<WORKSPACE>/.metadata/.plugins/org.eclipse.core.runtime/.settings/de.fu_berlin.inf.dpp.prefs
file.

----------------------------------------------------------------------

Comment By: Karl Beecher (k_beecher)
Date: 2011-04-29 08:47

Message:
Fixed in r3288

----------------------------------------------------------------------

Comment By: Björn Kahlert (bkahlert)
Date: 2011-04-07 16:52

Message:
I absolutely agree with the last comment. There are multiple reasons why we
should store credentials securely. In case of company-wide LDAP services or
Active Directory, people's plainly saved credentials would present a real
threat. Another reason is that many people use the same password for
different services either way. I would also doubt that the use of Saros in
ISO certified (e.g. 9001, 27001) companies is even tenable.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2011-04-07 15:14

Message:
XMPP accounts are not the only thing at stake. Many corporations have
internal Jabber servers which use the company-wide LDAP / ActiveDirectory
for authentication. Storing passwords in plain text is a serious security
vulnerability.

----------------------------------------------------------------------

Comment By: A. Haferburg (ahaferburg)
Date: 2010-09-20 23:37

Message:
While I don't think the XMPP account is very critical, this might be an
issue if someone uses the same password for more important accounts.
http://help.eclipse.org/helios/index.jsp?topic=/org.eclipse.platform.doc.isv/guide/secure_storage_dev.htm

----------------------------------------------------------------------
