[sylpheed:34937] Re: accountrc windows

Cristian Secară liste at secarica.ro
Mon Dec 12 06:30:44 JST 2011


On Sat, 10 Dec 2011 17:59:38 +0100, Tom Wiles wrote:

> Today i've installed sylpheed for windows and while i was checking it
> out i found out that the file accountrc contains all the passwords in
> clear!

Luckily, because at one point in the past I forgot one of the
accounts password and so I was able to know it again :)

> Now, if someone for some reason gains a read access to a windows
> machine would be able to read all email password.

Normally Sylpheed stores the user data under the user account
directory. While your concern makes sense, a normal user gaining "a
read access to a windows machine" does not automatically has read
permissions under your user files, except if logged as you, or as
administrator, or as some user configured with elevated access.

Other thing, with the passwords either visible or somehow hidden, I
don't see any difference. If the password is [either way] stored, I
suppose that means the application is configured in "remember password"
mode when fetching mail, so if someone launches Sylpheed while logged
on your account, it will simply read any mail, no need to know any
password.

IMO this discussion may have sense only when combined to some master
password when opening the program.

Cristi

-- 
Cristian Secară
http://www.secarica.ro


More information about the Sylpheed mailing list