Bug report #17160

Vulnerability in the proxy settings

Added by Michael Kuerbs over 6 years ago. Updated over 6 years ago.

Status:Closed
Priority:High
Assignee:Alessandro Pasotti
Category:Network
Affected QGIS version:master Regression?:No
Operating System:Windows Easy fix?:No
Pull Request or Patch supplied:Yes Resolution:fixed/implemented
Crashes QGIS or corrupts data:No Copied to github as #:25059

Description

There is a Security problem with domain registrations.
When using the proxy for web access, the password is readable for everyone.
See the registry editor, there is the proxyPassword in plaintext.
The example screenshot is without password and user.

QGIS-Settings.png (66 KB) Michael Kuerbs, 2017-09-19 03:08 PM

proxypassword.png (45.5 KB) Michael Kuerbs, 2017-09-19 03:08 PM

History

#1 Updated by Alessandro Pasotti over 6 years ago

  • Assignee set to Alessandro Pasotti

#2 Updated by Alessandro Pasotti over 6 years ago

I'm implementing the integration of proxy credentials with the QGIS authentication system

#3 Updated by Alessandro Pasotti over 6 years ago

  • Pull Request or Patch supplied changed from No to Yes
  • Affected QGIS version changed from 2.18.12 to master

#4 Updated by Alessandro Pasotti over 6 years ago

  • Resolution set to fixed/implemented
  • Status changed from Open to Closed

Also available in: Atom PDF