Trac is being migrated to new services! Issues can be found in our new
YouTrack instance and WIKI pages can be found on our
website.
- Timestamp:
-
May 9, 2007, 2:03:33 AM (17 years ago)
- Author:
-
lschiere
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
v1
|
v2
|
|
20 | 20 | There are basically four approaches to password storage.[[BR]] |
21 | 21 | |
22 | | * '''Store a password(s) behind a password.''' Basically this means that we require you to type in some passphrase as Purple starts in order to read the {{{accounts.xml}}} file, and, to be truly secure, require you to type it again if you write to it. Winicq does something very similar to this if you set it to its highest security settings. |
| 22 | * '''Store a password(s) behind a password.''' Basically this means that we require you to type in some passphrase as Purple starts in order to read the {{{accounts.xml}}} file, and, to be truly secure, require you to type it again if you write to it. Winicq does something very similar to this if you set it to its highest security settings. |
23 | 23 | |
24 | | * '''Obscure a password.''' This means we do something to store the password in some format other than plain text, but we automatically convert it for you. This is security by obscurity, and is a Very Bad Thing™ in that it gives users a false sense of security. A false sense that we (Purple developers) believe would be worse to have than to let informed users deal with the password issue themselves. Consider that a naive user might think that it is safe to share his or her accounts.xml, because the passwords are "encrypted".[[BR]] |
| 24 | * '''Obscure a password.''' This means we do something to store the password in some format other than plain text, but we automatically convert it for you. This is security by obscurity, and is a Very Bad Thing™ in that it gives users a false sense of security. A false sense that we (Purple developers) believe would be worse to have than to let informed users deal with the password issue themselves. Consider that a naive user might think that it is safe to share his or her accounts.xml, because the passwords are "encrypted".[[BR]] |
25 | 25 | |
26 | | * '''Store the password in plain text and control access to the file.''' This is what Purple does: the password is in {{{accounts.xml}}} in plain text, but the file itself is only readable by its owner. We allow the user to determine under what conditions sensitive files should be opened (if at all), and what constitutes a breach of security. |
| 26 | * '''Store the password in plain text and control access to the file.''' This is what Purple does: the password is in {{{accounts.xml}}} in plain text, but the file itself is only readable by its owner. We allow the user to determine under what conditions sensitive files should be opened (if at all), and what constitutes a breach of security. |
27 | 27 | |
28 | | * '''Lastly, you can not store passwords at all.''' This is Purple's default, and by far the most secure of all of the options. |
| 28 | * '''Lastly, you can not store passwords at all.''' This is Purple's default, and by far the most secure of all of the options. |
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!