[Users] [Bug 3099] Username and password stored in plain text

noreply at thewildbeast.co.uk
Mon Mar 10 16:23:35 CET 2014


http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3099

--- Comment #5 from Ricardo Mones <mones at users.sourceforge.net> ---
Not sure if you had read my initial comment or not. AFAIK "any process, running
with the current user ID" is by definition all the processes run by you. Don't
see why Claws Mail should protect your .claws-mail dir from your processes,
unless you share your account password with somebody else.

As explained you can have your .claws-mail stored in an encrypted volume (or
loop-back mounted filesystem), only password mounted when you run Claws Mail,
unmounted afterwards. Your current user ID visitors would only see an empty
.claws-mail (unless you're running Claws Mail at the same time, of course).

You can also use SELinux to restrict access to your .claws-mail to claws-mail
binary only, for example. And also this combined with the above.

So, even if you share your password, there are workarounds to avoid others seeing
that password. Not without some effort, of course.

-- 
You are receiving this mail because:
You are the assignee for the bug.
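
The mount, run, unmount workflow described in comment #5, sketched as a wrapper script. This is an added example, not part of the original comment or of Claws Mail; gocryptfs, fusermount, mountpoint and the `~/.claws-mail.enc` path are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: keep ~/.claws-mail on an encrypted volume that is mounted
# only while Claws Mail is running. Assumptions (not from the original
# comment): gocryptfs as the encryption layer and the CIPHER_DIR path.

CIPHER_DIR="${CIPHER_DIR:-$HOME/.claws-mail.enc}"  # encrypted store (assumed path)
PLAIN_DIR="${PLAIN_DIR:-$HOME/.claws-mail}"        # directory Claws Mail reads

# Thin wrappers so another tool (e.g. a LUKS loop-back mount) can be swapped in.
vault_mount()   { gocryptfs "$CIPHER_DIR" "$PLAIN_DIR"; }  # prompts for the password
vault_unmount() { fusermount -u "$PLAIN_DIR"; }
vault_mounted() { mountpoint -q "$PLAIN_DIR"; }
mail_client()   { claws-mail "$@"; }

run_with_vault() {
    local rc=0
    # Files already sitting in the unmounted directory would stay on disk
    # unencrypted, so refuse to continue until they are moved into the vault.
    if ! vault_mounted && [ -n "$(ls -A "$PLAIN_DIR" 2>/dev/null)" ]; then
        echo "error: $PLAIN_DIR holds plaintext files; move them into the vault" >&2
        return 2
    fi
    if ! vault_mounted; then
        vault_mount || { echo "error: could not mount $CIPHER_DIR" >&2; return 3; }
    fi
    # Keep the mail client's exit status, but unmount whatever it was.
    mail_client "$@" || rc=$?
    if ! vault_unmount; then
        echo "warning: $PLAIN_DIR is still mounted and readable" >&2
        return 4
    fi
    return "$rc"
}

# Run only when asked to, so the functions can be sourced elsewhere.
if [ "${1:-}" = "--start" ]; then
    shift
    run_with_vault "$@"
fi
```

While the volume is mounted, every process running under the same user ID can still read the directory, which is the caveat the comment itself makes.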


