Bug report #17160

Vulnerability in the proxy settings

Added by Michael Kuerbs about 1 year ago. Updated 10 months ago.

Status:Closed
Priority:High
Assignee:Alessandro Pasotti
Category:Network
Affected QGIS version:master Regression?:No
Operating System:Windows Easy fix?:No
Pull Request or Patch supplied:Yes Resolution:fixed/implemented
Crashes QGIS or corrupts data:No

Description

There is a Security problem with domain registrations.
When using the proxy for web access, the password is readable for everyone.
See the registry editor, there is the proxyPassword in plaintext.
The example screenshot is without password and user.

QGIS-Settings.png (66 KB) Michael Kuerbs, 2017-09-19 03:08 PM

proxypassword.png (45.5 KB) Michael Kuerbs, 2017-09-19 03:08 PM

History

#1 Updated by Alessandro Pasotti 12 months ago

  • Assignee set to Alessandro Pasotti

#2 Updated by Alessandro Pasotti 12 months ago

I'm implementing the integration of proxy credentials with the QGIS authentication system

#3 Updated by Alessandro Pasotti 12 months ago

  • Pull Request or Patch supplied changed from No to Yes
  • Affected QGIS version changed from 2.18.12 to master

#4 Updated by Alessandro Pasotti 10 months ago

  • Resolution set to fixed/implemented
  • Status changed from Open to Closed

Also available in: Atom PDF