Bug report #3862
world-readable postgresql account passwords in QGIS.conf
|Affected QGIS version:||master||Regression?:||No|
|Operating System:||Debian||Easy fix?:||No|
|Pull Request or Patch supplied:||No||Resolution:||fixed|
|Crashes QGIS or corrupts data:||No||Copied to github as #:||13920|
I've seen ~/.config/QuantumGIS/QGIS.conf is created as world-readable, and contains posgresql account passwords...
Looking for other examples I've found vlc and transmission configs also having some passwords, and they are properly created with permissions 0600.
BTW, there's no appropriate Component value for this ticket