[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Passwords are saved as clear text in Windows registry

From: Carl Duisberg <carl.duisberg_at_gmx.de>
Date: Fri, 12 Jun 2009 19:27:56 +0200

To use tortoise behind a proxy it is necessary to enter a proxy password. This password is saved unencoded in the windows registry. This allows querying from remote computers.

Passwords are sensitive information and should not be saved.

The application should ask for the proxy password when first needed and hold it in memory only until the program is unloaded. Before unloading the memory with the password should be erased.

Best regards

Carl

-- 
GMX FreeDSL Komplettanschluss mit DSL 6.000 Flatrate und Telefonanschluss
für nur 17,95 Euro/mtl.!* http://portal.gmx.net/de/go/dsl02
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2361690
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-06-12 19:28:31 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.