Bug report #17160

Vulnerability in the proxy settings

Added by Michael Kuerbs 3 months ago. Updated 20 days ago.

Status:Closed
Priority:High
Assignee:Alessandro Pasotti
Category:Network
Affected QGIS version:master Regression?:No
Operating System:Windows Easy fix?:No
Pull Request or Patch supplied:Yes Resolution:fixed/implemented
Crashes QGIS or corrupts data:No

Description

There is a Security problem with domain registrations.
When using the proxy for web access, the password is readable for everyone.
See the registry editor, there is the proxyPassword in plaintext.
The example screenshot is without password and user.

QGIS-Settings.png (66 KB) Michael Kuerbs, 09/19/2017 03:08 PM

proxypassword.png (45.5 KB) Michael Kuerbs, 09/19/2017 03:08 PM

History

#1 Updated by Alessandro Pasotti 3 months ago

  • Assignee set to Alessandro Pasotti

#2 Updated by Alessandro Pasotti 3 months ago

I'm implementing the integration of proxy credentials with the QGIS authentication system

#3 Updated by Alessandro Pasotti 3 months ago

  • Pull Request or Patch supplied changed from No to Yes
  • Affected QGIS version changed from 2.18.12 to master

#4 Updated by Alessandro Pasotti 20 days ago

  • Resolution set to fixed/implemented
  • Status changed from Open to Closed

Also available in: Atom PDF