Bug report #3862

world-readable postgresql account passwords in QGIS.conf

Added by Sandro Santilli over 8 years ago. Updated about 6 years ago.

Status:Closed
Priority:Low
Assignee:-
Category:Data Provider
Affected QGIS version:master Regression?:No
Operating System:Debian Easy fix?:No
Pull Request or Patch supplied:No Resolution:fixed
Crashes QGIS or corrupts data:No Copied to github as #:13920

Description

I've seen ~/.config/QuantumGIS/QGIS.conf is created as world-readable, and contains posgresql account passwords...

Looking for other examples I've found vlc and transmission configs also having some passwords, and they are properly created with permissions 0600.

BTW, there's no appropriate Component value for this ticket


Related issues

Related to QGIS Application - Bug report #5959: WMS password visible Closed 2012-07-06
Duplicated by QGIS Application - Feature request #4823: Add warning when saving PGsql/PostGIS passwords Closed 2012-01-16

History

#1 Updated by Giovanni Manghi almost 8 years ago

  • Target version changed from Version 1.7.0 to Version 1.7.4

#2 Updated by Jürgen Fischer over 7 years ago

  • Crashes QGIS or corrupts data set to No
  • Affected QGIS version set to master
  • Pull Request or Patch supplied set to No
  • Assignee deleted (nobody -)
  • Status changed from Open to Closed
  • Resolution set to fixed

implemented in 72c04ce8

#3 Updated by Jürgen Fischer about 6 years ago

  • Subject changed from world-readable posgresql account passwords in QGIS.conf to world-readable postgresql account passwords in QGIS.conf

Also available in: Atom PDF