Bug report #17160

Vulnerability in the proxy settings

Added by Michael Kuerbs 29 days ago. Updated 23 days ago.

Status:Open
Priority:High
Assignee:Alessandro Pasotti
Category:Network
Affected QGIS version:master Regression?:No
Operating System:Windows Easy fix?:No
Pull Request or Patch supplied:Yes Resolution:
Crashes QGIS or corrupts data:No

Description

There is a Security problem with domain registrations.
When using the proxy for web access, the password is readable for everyone.
See the registry editor, there is the proxyPassword in plaintext.
The example screenshot is without password and user.

QGIS-Settings.png (66 KB) Michael Kuerbs, 09/19/2017 03:08 PM

proxypassword.png (45.5 KB) Michael Kuerbs, 09/19/2017 03:08 PM

History

#1 Updated by Alessandro Pasotti 23 days ago

  • Assignee set to Alessandro Pasotti

#2 Updated by Alessandro Pasotti 23 days ago

I'm implementing the integration of proxy credentials with the QGIS authentication system

#3 Updated by Alessandro Pasotti 23 days ago

  • Pull Request or Patch supplied changed from No to Yes
  • Affected QGIS version changed from 2.18.12 to master

Also available in: Atom PDF