Feature Requests item #1006087, was opened at 2004-08-09 13:08
Message generated for change (Comment added) made by lschiere
You can respond by visiting: 

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
Resolution: None
Priority: 5
Private: No
Submitted By: Scot Sroka (scotsroka)
Assigned to: Nobody/Anonymous (nobody)
Summary: Potential Security Risk - WinGaim .gaim dir in public path

Initial Comment:
The Windows .gaim directory which stores account 
information, user preferences, log files, etc. is located in 
in \Documents and Settings\All Users\Application 
Data\.gaim. This makes account information, and 
possibly paswords, accessible to any user who logs onto 
the computer. This is a potential security risk and makes 
the use of the product risky in a mutli-user environment. 
(Not to mention that preferences are also global and can 
change at any time, which can be annoying.) 

>From what I can tell, it seems that the directory path 
should be %USERPROFILE%\Application Data\.gaim.


Comment By: Luke Schierer (lschiere)
Date: 2007-04-20 11:00

Logged In: YES 
Originator: NO

As we are closing this tracker, please submit any feature request that is
still valid to http://developer.pidgin.im.  Thanks. 


Comment By: Scot Sroka (scotsroka)
Date: 2004-08-09 21:40

Logged In: YES 

Ah. OK. I checked my home device, and it's in my personal 
directory. I think I know what the issue may be. I could be 
totally off, but it looks like Gaim may be programmed to look 
at the APPDATA variable instead of the USERPROFILE variable. 
On my work device APPDATA points to \Documents and 
Settings\All Users\Application Data. On my home device, 
APPDATA points to my personal directory (\Documents and 
Settings\UserName\Application Data). On both devices 
USERPROFILE points to \Documents and Settings\UserName\. 
If that's the case, is there any harm in changing the code to 


Comment By: Scott Sanders (giveuptheghost)
Date: 2004-08-09 16:51

Logged In: YES 

Hmm, it's in my profile directory here. I have just one XP
account, and it has administrative privileges.


You can respond by visiting: 

This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
Gaim-features mailing list

Reply via email to