Bug report #3862

world-readable postgresql account passwords in QGIS.conf

Added by Sandro Santilli over 11 years ago. Updated over 9 years ago.

Category:Data Provider
Affected QGIS version:master Regression?:No
Operating System:Debian Easy fix?:No
Pull Request or Patch supplied:No Resolution:fixed
Crashes QGIS or corrupts data:No Copied to github as #:13920


I've seen ~/.config/QuantumGIS/QGIS.conf is created as world-readable, and contains posgresql account passwords...

Looking for other examples I've found vlc and transmission configs also having some passwords, and they are properly created with permissions 0600.

BTW, there's no appropriate Component value for this ticket

Related issues

Related to QGIS Application - Bug report #5959: WMS password visible Closed 2012-07-06
Duplicated by QGIS Application - Feature request #4823: Add warning when saving PGsql/PostGIS passwords Closed 2012-01-16


#1 Updated by Giovanni Manghi almost 11 years ago

  • Target version changed from Version 1.7.0 to Version 1.7.4

#2 Updated by Jürgen Fischer over 10 years ago

  • Crashes QGIS or corrupts data set to No
  • Affected QGIS version set to master
  • Pull Request or Patch supplied set to No
  • Assignee deleted (nobody -)
  • Status changed from Open to Closed
  • Resolution set to fixed

implemented in 72c04ce8

#3 Updated by Jürgen Fischer over 9 years ago

  • Subject changed from world-readable posgresql account passwords in QGIS.conf to world-readable postgresql account passwords in QGIS.conf

Also available in: Atom PDF