[sylpheed:32955] Re: feature request - master password to protect all account passwords
stef
stef_204 at yahoo.com
Sat May 2 03:17:03 JST 2009
This is definitely a security risk, IMHO.
And seems to emphasize my original point.
--- On Fri, 5/1/09, Bob White <bob at bob-white.com> wrote:
> From: Bob White <bob at bob-white.com>
> Subject: Re: [sylpheed:32953] feature request - master password to protect all account passwords
> To: sylpheed at sraoss.jp
> Cc: stef_204 at yahoo.com, sylpheed at sraoss.jp
> Date: Friday, May 1, 2009, 9:25 AM
> On Fri, 1 May 2009 09:03:03 -0700 (PDT)
> stef <stef_204 at yahoo.com> wrote:
>
> >
> > Hi,
> >
> > I wanted to suggest what I feel would be an important
> feature: implementing a master password to protect all
> other account/server passwords.
> >
> > For example, I use quite a few email accounts and all
> are IMAP with SSL.
> >
> > I cannot remember all the passwords
> "mentally" so I tell Sylpheed to store them for
> me.
> >
> > However, this leads to a security risk in that anybody
> could theoretically start up my Sylpheed client and download
> and read all my emails, on any accounts, etc.
> >
> > Mozilla has an excellent counter-measure for this
> security problem in that they have implemented a master
> password that is requested of the user to access any other
> password, or protected email accounts.
> >
> > This raises the security level. I believe it is done
> on a "per session" basis.
> >
> > Sure, I have a user password on my Linux box,so that
> in itself is a security measure; I can lock my Linux session
> as well.
> >
> > But I wanted to mention this as it is still a concern
> to me, in cases where the other 2 measures do not apply
> (probably through oversight on user's part.)
> >
> > Are there any other users interested in a "Master
> Password" feature?
> >
> > Hiro, is it something you might consider adding to
> Sylpheed at some point? Or perhaps, you consider time is
> better spent on the email features and not on redundant
> security features?
> >
> > Lastly, are the account passwords currently stored
> with encryption or are they available to see to any snooping
> or prying eyes gaining access to your box (while you're
> at lunch for example) and looking for the exact right file
> where the passwords are stored, etc.?
> >
> > Thanks.
> >
> >
> >
> >
> >
> Hi Stef,
>
> The passwords are stored in plain text in the
> .sylpheed-2.0/accountrc
> file.
>
> Bob W.
More information about the Sylpheed
mailing list