[Users] [Bug 4745] New: oauth2: built-in client_id can be stored as plain text
noreply at thewildbeast.co.uk
Fri Jan 19 18:38:11 UTC 2024
https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4745
Bug ID: 4745
Summary: oauth2: built-in client_id can be stored as plain text
Product: Claws Mail (GTK 2)
Version: GIT
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P3
Component: Other
Assignee: users at lists.claws-mail.org
Reporter: olaf at aepfle.de
Created attachment 2414
  --> https://www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=2414&action=edit
gtk2-oauth2-built-in-client_id-can-be-stored-as-plain-tex.patch
In case Claws Mail is compiled with a built-in client_id and client_secret,
both strings can safely be stored as plain text. There is no need to encode
them as a base64 string. The characters to be used are apparently undefined by
RFC 6749. It is safe to assume issued client_id strings fit in the ASCII range.
In the unlikely case such a string contains a quotation mark, it can be escaped
with a backslash.
Remove the usage of oauth2_decode, also the now unused function. While being
there, also remove the already unused function oauth2_encode.
--
You are receiving this mail because:
You are the assignee for the bug.
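
The report above relies on two properties of a built-in client_id: it stays within printable ASCII, and a quotation mark in it is backslash-escaped. The following is an added example, not code from the attached patch or from Claws Mail, that checks the first and performs the second. The function names and the BUILTIN_CLIENT_ID macro are hypothetical, the sample values are constructed, and the accepted range 0x20-0x7E is the VSCHAR rule of RFC 6749 Appendix A.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of Claws Mail: returns 1 when every byte of
 * s is in 0x20..0x7E (VSCHAR in RFC 6749 Appendix A), 0 otherwise. */
int oauth2_id_is_vschar(const char *s)
{
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if (*p < 0x20 || *p > 0x7E)
            return 0;
    return 1;
}

/* Hypothetical helper: copies s into out, backslash-escaping '"' and '\\'
 * so the result can sit between the quotes of a C string literal.
 * Returns the escaped length (without the NUL), or -1 when s is not
 * printable ASCII or out is too small. */
int oauth2_id_escape(const char *s, char *out, size_t outlen)
{
    size_t n = 0;

    if (outlen == 0 || !oauth2_id_is_vschar(s))
        return -1;
    for (; *s; s++) {
        size_t need = (*s == '"' || *s == '\\') ? 2 : 1;
        if (n + need + 1 > outlen)      /* keep room for the NUL */
            return -1;
        if (need == 2)
            out[n++] = '\\';
        out[n++] = *s;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample values, not real credentials. */
    const char *samples[] = { "1234-abc.apps.example.com", "id\"with\\quote", "bad\tid" };
    char buf[64];

    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        if (oauth2_id_escape(samples[i], buf, sizeof buf) < 0)
            printf("rejected: not printable ASCII or too long\n");
        else
            printf("#define BUILTIN_CLIENT_ID \"%s\"\n", buf);
    }
    return 0;
}
```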