Passwords are saved as clear text in Windows registry

From: Carl Duisberg <carl.duisberg_at_gmx.de>
Date: Fri, 12 Jun 2009 19:27:56 +0200

To use tortoise behind a proxy it is necessary to enter a proxy password. This password is saved unencoded in the windows registry. This allows querying from remote computers.

Passwords are sensitive information and should not be saved.

The application should ask for the proxy password when first needed and hold it in memory only until the program is unloaded. Before unloading the memory with the password should be erased.

Best regards

Carl

-- 
GMX FreeDSL Komplettanschluss mit DSL 6.000 Flatrate und Telefonanschluss
für nur 17,95 Euro/mtl.!* http://portal.gmx.net/de/go/dsl02
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2361690
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].

Received on 2009-06-12 19:28:31 CEST

This message: [ Message body ]
Next message: Stefan Küng: "Re: Passwords are saved as clear text in Windows registry"
Previous message: Stefan Küng: "Re: TMerge very slow wit h UTF-16LE files"
Next in thread: Stefan Küng: "Re: Passwords are saved as clear text in Windows registry"
Reply: Stefan Küng: "Re: Passwords are saved as clear text in Windows registry"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]