Gwibber saves readable passwords
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Gwibber |
Fix Released
|
Undecided
|
Ryan Paul | ||
gwibber (Ubuntu) |
Fix Released
|
High
|
Ken VanDine | ||
Lucid |
Fix Released
|
High
|
Ken VanDine |
Bug Description
Using gconf, gwibber saves clear informations about accounts.
For example, this is the xml represents one of my accounts:
<?xml version="1.0"?>
<gconf>
<entry name="search_
<entry name="public_
<entry name="send_enabled" mtime="1247550059" type="bool" value="true"/>
<entry name="receive_
<entry name="password" mtime="1247300286" type="string">
<stringvalue>
</entry>
<entry name="username" mtime="1247300284" type="string">
<stringvalue>
</entry>
<entry name="message_
<stringvalue>
</entry>
<entry name="protocol" mtime="1247300281" type="string">
<stringvalue>
</entry>
</gconf>
This is just an example with the identica protocol. I'm seeing that gwibber do the same with the twitter protocol.
As you can see on your workstation, gwibber saves clear password of any accounts.
Is there someway to preserve these informations from "curious eyes" ??
Changed in gwibber (Ubuntu): | |
assignee: | nobody → Ken VanDine (ken-vandine) |
Changed in gwibber: | |
assignee: | nobody → Ryan Paul (segphault) |
milestone: | none → 2.30.0 |
status: | New → Triaged |
Changed in gwibber (Ubuntu): | |
milestone: | none → ubuntu-10.04-beta-2 |
status: | Incomplete → Triaged |
Changed in gwibber (Ubuntu): | |
milestone: | ubuntu-10.04-beta-2 → none |
Changed in gwibber (Ubuntu): | |
status: | Triaged → Fix Committed |
Changed in gwibber: | |
status: | Triaged → Fix Committed |
Changed in gwibber (Ubuntu): | |
milestone: | none → ubuntu-10.04-beta-2 |
Changed in gwibber (Ubuntu): | |
status: | Fix Committed → New |
Changed in gwibber: | |
status: | Fix Committed → Fix Released |
Gwibber has built-in support for using the GNOME keyring, but it is disabled in developer builds. You can manually enable it yourself by uncommenting the "import gnomekeyring" line in gwp.py and config.py.
GNOME recently transitioned its keyring to using D-Bus as the communication protocol. This introduced some technical defects that make the keyring work poorly with Gwibber's configuration abstraction layer. If you attempt to enable keyring support in Gwibber on the latest stable version of GNOME, there is a chance that the keyring daemon will crash.