[sylpheed:36117] Re: passwords of accounts

Cristian Secară liste at secarica.ro
Mon Jun 30 22:16:35 JST 2014


În data de Fri, 27 Jun 2014 06:47:36 -0700, Globe Trotter a scris:

> When I set up my SMTP send-mail and IMAP/POP3
> receive-mail accounts, I am prompted for a password. I can leave it
> blank but that means that everytime I start a session or send e-mail,
> I have to type in a password. However, if I store the password, it is
> stored in clear text in accountrc (and who knows where else) so
> anyone with access to the accountrc file (and the backup versions)
> can get hold of the password. Is it possible to store this in
> encrypted version instead of clear text?

First, if "someone" gain access to your system's account without
permission, then you have a big problem.

Second, even if the password is stored in some encrypted form, *if*
gaining access to your system's account, I can immagine one can take the
Sylpheed config files and copy them "as is" onto another system with a
fresh Sylpheed install and fetch from there. No need to actually know
the password.

Perhaps a better approach (for those who really needs this) would be a
master password, for which requests were already made over time
(for example here
http://www.sraoss.jp/pipermail/sylpheed/2009-May/thread.html )

Cristi

-- 
Cristian Secară
http://www.secarica.ro


More information about the Sylpheed mailing list