You cannot put someone's password in cleartext into a configuration file. That needs to be reverted right away.
On 04/04/2010 07:04 PM, Andrea Florio wrote: > Hi people.. there is my situation... > > using latest keyrig (2.30) and this lxdm git release: > > http://lxde.git.sourceforge.net/git/gitweb.cgi?p=lxde/lxdm;a=commitdiff;h=ba2317dfbe0b91c5ee209daed794f6ebba7d5157 > > i can consider it as fixed (at least on suse, it "simply" works) > > that is true if password is provided. > > If autologin is enabled, that don't work but i don't consider that a > problem, even because the same thing happen using gdm. > > i appreciate effort to have it working even with autologin, but i really > think that patch: > > http://lxde.git.sourceforge.net/git/gitweb.cgi?p=lxde/lxdm;a=commitdiff;h=2895c16d2129ce7f93a73c52744f7b146cfc2e44 > > to be e BIG security hole. The problem IMHO is not to have the password > into conf file, but the problem is that the password is NOT encrypted. > > this patch should than removed (best choice) or allow to save the > password into conf file into encrypted mode. > > Best Regards > Andrea > > Il 03/04/2010 16:11, dgod ha scritto: >> things have pushed to git, things should work when you login with passwd. >> >> if auto login , things is bad. >> >> this should the bug of gnome-keyring, they really need user to provide >> passwd. should user to provide their passwd to work with this, I don't think >> so. >> > ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Lxde-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lxde-list
