119984 – groupdav resources stores (unused) password in clear text in .kde/share/config/kresources_groupwarerc

Bug 119984 - groupdav resources stores (unused) password in clear text in .kde/share/config/kresources_groupwarerc

Summary: groupdav resources stores (unused) password in clear text in .kde/share/confi...

Status:	CONFIRMED

Alias:	None

Product:	kresources
Classification:	Miscellaneous
Component:	groupdav (show other bugs)
Version:	unspecified
Platform:	openSUSE Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-01-12 17:03 UTC by Sebastian Reitenbach
Modified:	2006-11-02 19:06 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Reitenbach 2006-01-12 17:03:20 UTC

Version:            (using KDE KDE 3.5.0)
Installed from:    SuSE RPMs
OS:                Linux

the entered password in a groupdav resource configuration window is stored in clear text in the following file:
~/.kde/share/config/kresources_groupwarerc

due to security concerns this is in no way good, especially as it is not used anyway:
http://bugs.kde.org/show_bug.cgi?id=100451

suggestion: remove the password entry field from the groupdave resource configuration interface. The http password authentication will popup and ask for a password. If I want to save it, the kdewallet is used then.

Comment 1 Reinhold Kainhofer 2006-11-02 19:06:49 UTC

Reassigning all KOrganizer bug reports and wishes to the newly created 
korganizer-devel mailing list.