Bug report #17160
Vulnerability in the proxy settings
| Status: | Closed | ||
|---|---|---|---|
| Priority: | High | ||
| Assignee: |  Alessandro Pasotti | ||
| Category: | Network | ||
| Affected QGIS version: | master | Regression?: | No |
| Operating System: | Windows | Easy fix?: | No |
| Pull Request or Patch supplied: | Yes | Resolution: | fixed/implemented |
| Crashes QGIS or corrupts data: | No | Copied to github as #: | 25059 |
Description
There is a Security problem with domain registrations.
When using the proxy for web access, the password is readable for everyone.
See the registry editor, there is the proxyPassword in plaintext.
The example screenshot is without password and user.
History
#1
Updated by Alessandro Pasotti about 7 years ago
- Assignee set to Alessandro Pasotti
#2
Updated by Alessandro Pasotti about 7 years ago
I'm implementing the integration of proxy credentials with the QGIS authentication system
#3
Updated by Alessandro Pasotti about 7 years ago
- Pull Request or Patch supplied changed from No to Yes
- Affected QGIS version changed from 2.18.12 to master
Preliminary PR: https://github.com/qgis/QGIS/pull/5253
#4
Updated by Alessandro Pasotti about 7 years ago
- Resolution set to fixed/implemented
- Status changed from Open to Closed
Implemented with https://github.com/qgis/QGIS/pull/5253