[sylpheed:34938] Re: accountrc windows

IW iw at holuwon.com
Mon Dec 12 07:11:56 JST 2011


I would add that if you are that concerned then don't store the passwords at all. I don't. I enter them every time I check my email. Good because it ensures I never forget my password since I have to recall it/use them several times a day.

Iw
------Original Message------
From: Cristian Secară
Sender: sylpheed-bounces at sraoss.jp
To: sylpheed at sraoss.jp
ReplyTo: sylpheed at sraoss.jp
Subject: [sylpheed:34937] Re: accountrc windows
Sent: Dec 12, 2011 6:30 AM

On Sat, 10 Dec 2011 17:59:38 +0100, Tom Wiles wrote:

> Today i've installed sylpheed for windows and while i was checking it
> out i found out that the file accountrc contains all the passwords in
> clear!

Luckily, because at one point in the past I forgot one of the
accounts password and so I was able to know it again :)

> Now, if someone for some reason gains a read access to a windows
> machine would be able to read all email password.

Normally Sylpheed stores the user data under the user account
directory. While your concern makes sense, a normal user gaining "a
read access to a windows machine" does not automatically has read
permissions under your user files, except if logged as you, or as
administrator, or as some user configured with elevated access.

Other thing, with the passwords either visible or somehow hidden, I
don't see any difference. If the password is [either way] stored, I
suppose that means the application is configured in "remember password"
mode when fetching mail, so if someone launches Sylpheed while logged
on your account, it will simply read any mail, no need to know any
password.

IMO this discussion may have sense only when combined to some master
password when opening the program.

Cristi

-- 
Cristian Secară
http://www.secarica.ro


Via mobile phone (Encrypt email to me @ https://forms.hush.com/iaincw)


More information about the Sylpheed mailing list