402936 – Usernames and passwords are stored for autofill as plain text in sqlite database which is the default option

Bug 402936 - Usernames and passwords are stored for autofill as plain text in sqlite database which is the default option

Summary: Usernames and passwords are stored for autofill as plain text in sqlite datab...

Status:	RESOLVED INTENTIONAL

Alias:	None

Product:	Falkon
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Other FreeBSD

Importance:	NOR major
Target Milestone:	---
Assignee:	David Rosca

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-01-06 19:05 UTC by Prasad Murthy
Modified:	2019-01-07 04:49 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Prasad Murthy 2019-01-06 19:05:52 UTC

SUMMARY

The usernames and passwords we enter in websites are stored for autofill as plain text in unencrypted sqlite database which is a security risk. There is not even a notification to the user about passwords stored a plain text. We should store the login credentials in an encrypted database by default or at least enable the kde wallet extension by default. If not the user should be warned after he chooses to store the login credentials as plain text. IMHO the unencrypted database option should be removed.

STEPS TO REPRODUCE
1. login to a website with your login credentials
2. check the table autofill in browsedata.db database file at ~/.config/falkon/profiles/default/ for usernames and passwords stored as plain text.



EXPECTED RESULT
Secure storage of website login credentials in an encrypted database by default

SOFTWARE/OS VERSIONS

Falkon version: 3.0.0
OS: FreeBSD
QtWebEngine: 5.9.5

Comment 1 David Rosca 2019-01-06 19:29:56 UTC

KWallet/GnomeKeyring are not available on all systems, and those are only "secure" options that could work without any user interaction.
Everything else requires some user interaction, like creating password (as what encrypted database backend does).

You are correct, the passwords are stored in plain-text by default. Alternative would be to generate some key (which will be stored in the profile directory) and encrypt the password with it, but I don't really think this is any different (both are easily accessible for anyone that have access to your local files).

Also in case of KWallet, once a wallet is opened (usually automatically with login) any application have access to all stored passwords, so it's not really secure either.

I don't really see any solution to this, there is no way to have secure storage without prompting user for password every time the browser is started, and that's not something that most users will be willing to do.
So the default won't be changed.

Comment 2 Prasad Murthy 2019-01-06 20:03:50 UTC

We could do what firefox does or we could use for example SQLCipher to encrypt the sqlite database and ask the user for the master password every session.

Comment 3 David Rosca 2019-01-06 21:02:12 UTC

(In reply to Prasad Murthy from comment #2)
> We could do what firefox does or we could use for example SQLCipher to
> encrypt the sqlite database and ask the user for the master password every
> session.

That's effectively the same thing that encrypted database backend already does though.

Comment 4 Prasad Murthy 2019-01-07 04:49:58 UTC

If the encrypted backend does the same and if it is available on all systems then why not enable it by default and remove the unencrypted database option?