>From a security PoV this is basic security by obscurity and effectively pointless - they are simply XORing each byte with a fixed value and then base64 encoding it - since the source code is public anyone can easily find this out and hence easily decode it - the only way to do this securely would be to have the DBus peers negotiate a session key and encrypt it properly using this - so I don't think there is any point adding this faux-encryption in this case.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1828124 Title: org.gnome.evolution.dataserver.Source completely unveils account credentials in plain text while using dbus-monitor To manage notifications about this bug go to: https://bugs.launchpad.net/evolution-data-server/+bug/1828124/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
