Bug 402936

Summary: Usernames and passwords are stored for autofill as plain text in sqlite database which is the default option
Product: [Applications] Falkon Reporter: Prasad Murthy <phoenix_firebrd>
Component: generalAssignee: David Rosca <nowrep>
Status: RESOLVED INTENTIONAL    
Severity: major    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: FreeBSD   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Prasad Murthy 2019-01-06 19:05:52 UTC 
SUMMARY

The usernames and passwords we enter in websites are stored for autofill as plain text in unencrypted sqlite database which is a security risk. There is not even a notification to the user about passwords stored a plain text. We should store the login credentials in an encrypted database by default or at least enable the kde wallet extension by default. If not the user should be warned after he chooses to store the login credentials as plain text. IMHO the unencrypted database option should be removed.

STEPS TO REPRODUCE
1. login to a website with your login credentials
2. check the table autofill in browsedata.db database file at ~/.config/falkon/profiles/default/ for usernames and passwords stored as plain text.



EXPECTED RESULT
Secure storage of website login credentials in an encrypted database by default

SOFTWARE/OS VERSIONS

Falkon version: 3.0.0
OS: FreeBSD
QtWebEngine: 5.9.5
Comment 1 David Rosca 2019-01-06 19:29:56 UTC 
KWallet/GnomeKeyring are not available on all systems, and those are only "secure" options that could work without any user interaction.
Everything else requires some user interaction, like creating password (as what encrypted database backend does).

You are correct, the passwords are stored in plain-text by default. Alternative would be to generate some key (which will be stored in the profile directory) and encrypt the password with it, but I don't really think this is any different (both are easily accessible for anyone that have access to your local files).

Also in case of KWallet, once a wallet is opened (usually automatically with login) any application have access to all stored passwords, so it's not really secure either.

I don't really see any solution to this, there is no way to have secure storage without prompting user for password every time the browser is started, and that's not something that most users will be willing to do.
So the default won't be changed.
Comment 2 Prasad Murthy 2019-01-06 20:03:50 UTC 
We could do what firefox does or we could use for example SQLCipher to encrypt the sqlite database and ask the user for the master password every session.
Comment 3 David Rosca 2019-01-06 21:02:12 UTC 
(In reply to Prasad Murthy from comment #2)
> We could do what firefox does or we could use for example SQLCipher to
> encrypt the sqlite database and ask the user for the master password every
> session.

That's effectively the same thing that encrypted database backend already does though.
Comment 4 Prasad Murthy 2019-01-07 04:49:58 UTC 
If the encrypted backend does the same and if it is available on all systems then why not enable it by default and remove the unencrypted database option?