Obfuscating stored passwords only provides a minimal level of additional protection. If you are using a system where someone has access to your configuration files (example: public computer lab in a library or college campus), then do *not* store your password on that machine. If someone has the same access to that machine as you do, consider any information you store on it to be publicly available, and take appropriate precautions for sensitive information.
-MightyE
Neil Dickey wrote:
Marc Ruef <marc.ruef@computec.ch> wrote:
The following paste shows the IMAP mail part of this configuration file.I notice from the line immediately following that you have the package
You can see that the line 17 shows the unencrypted password
("MyPassword4").
[ ... Snip ... ]
user_pref("mail.imap.server.imap.computec.ch.password", "MyPassword4");
user_pref("mail.imap.server.imap.computec.ch.remember_password", true);
remember your password. It's been my understanding that doing so is
bad practice because that's just the sort of thing that someone probing
your system would very likely be looking for. Certainly if you save
your password only in your head, then whether or not the program stores
it in the clear is a moot question. ;-)
Best regards,
Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
