https://issues.qgis.org/https://issues.qgis.org/favicon.ico2013-06-27T03:22:54ZQGIS Issue TrackingQGIS Application - Feature request #8180: Encryption of Passwords in qgs fileshttps://issues.qgis.org/issues/8180?journal_id=423852013-06-27T03:22:54ZJürgen Fischerjef@norbit.de
<ul></ul><p>You don't need to save username/passwords. If you do they'll be unencrypted (and you are warned about that), if you don't QGIS prompts for credentials, when it needs them.</p> QGIS Application - Feature request #8180: Encryption of Passwords in qgs fileshttps://issues.qgis.org/issues/8180?journal_id=423862013-06-27T03:24:35ZJürgen Fischerjef@norbit.de
<ul><li><strong>Tracker</strong> changed from <i>Bug report</i> to <i>Feature request</i></li></ul> QGIS Application - Feature request #8180: Encryption of Passwords in qgs fileshttps://issues.qgis.org/issues/8180?journal_id=423882013-06-27T04:21:57ZJonathan Moules
<ul></ul><p>Fair point. But then I'd have to share the database password with the users which is very sub-optimal for a whole raft of reasons. I have no issue with storing the password if required (as it will be for us), but it should definitely be encrypted.</p> QGIS Application - Feature request #8180: Encryption of Passwords in qgs fileshttps://issues.qgis.org/issues/8180?journal_id=424422013-06-28T23:31:41ZJürgen Fischerjef@norbit.de
<ul><li><strong>Target version</strong> set to <i>Future Release - High Priority</i></li></ul> QGIS Application - Feature request #8180: Encryption of Passwords in qgs fileshttps://issues.qgis.org/issues/8180?journal_id=439962013-08-12T00:03:41ZMatthias Kuhn
<ul></ul><p>The AES encrypted password (In the project file) + the encryption password (which will have to be given to the users, so they can tell it to QGIS which then can decrypt the password and send it to the DB for login) + an optional salt (which QGIS also has to know) will give a user everything he needs to know, in order to decrypt the original password again. With the difference to the current solution, that 98% of the users won't notice and won't worry, that it would be easy for the other 2% (under them possible attackers) to decrypt the PW.<br />Disclaimer: At least that's the way I understand this (as a non-crypto expert). If there's a misunderstanding from my side, please let me know.</p>
<p>I'd rather implement a proper user role setup in your database (with readonly for some users) with firewall (maybe VPN).</p>
<p>Concerning QGIS: Instead of encrypting keys and store them in the qgs file, a central key storage system may be better suited (some platforms have already built-in things e.g. gnome-keyring)<br />The user will then have his personal password to get access to the keystore. The first time the user connects to the database, you will have to tell him the database password which will then be encrypted on his machine (with his personal password) and stored there, so he doesn't have to memorize it or note it down.</p> QGIS Application - Feature request #8180: Encryption of Passwords in qgs fileshttps://issues.qgis.org/issues/8180?journal_id=439982013-08-12T01:12:04ZJonathan Moules
<ul></ul><p>Matthias Kuhn wrote:</p>
<blockquote>
<p>The AES encrypted password (In the project file) + the encryption password (which will have to be given to the users, so they can tell it to QGIS which then can decrypt the password and send it to the DB for login) + an optional salt (which QGIS also has to know) will give a user everything he needs to know, in order to decrypt the original password again.</p>
</blockquote>
<p>Yes, it's basically like DRM - it's impossible to actually secure it because you need the keys to unlock it with the stuff you want to lock. But unlike DRM I think some sort of security is still better than nothing. :-)</p>
<blockquote>
<p>I'd rather implement a proper user role setup in your database (with readonly for some users) with firewall (maybe VPN).</p>
</blockquote>
<p>We do both and probably more, but it is still like best practice to keep passwords encrypted. At least this way if/when someone posts a project online the passwords aren't open for the world to see. Not all users abide by security best practices; most probably even aren't aware of these issues.</p>
<blockquote>
<p>Concerning QGIS: Instead of encrypting keys and store them in the qgs file, a central key storage system may be better suited (some platforms have already built-in things e.g. gnome-keyring)<br />The user will then have his personal password to get access to the keystore. The first time the user connects to the database, you will have to tell him the database password which will then be encrypted on his machine (with his personal password) and stored there, so he doesn't have to memorize it or note it down.</p>
</blockquote>
<p>This is the sort of solution I was thinking of based on your reply. Seems like one promising direction.</p> QGIS Application - Feature request #8180: Encryption of Passwords in qgs fileshttps://issues.qgis.org/issues/8180?journal_id=588712015-01-26T08:30:54ZJürgen Fischerjef@norbit.de
<ul><li><strong>Category</strong> changed from <i>Data Provider/Oracle</i> to <i>Project Loading/Saving</i></li><li><strong>Assignee</strong> deleted (<del><i>Jürgen Fischer</i></del>)</li><li><strong>Target version</strong> changed from <i>Future Release - High Priority</i> to <i>Future Release - Lower Priority</i></li></ul> QGIS Application - Feature request #8180: Encryption of Passwords in qgs fileshttps://issues.qgis.org/issues/8180?journal_id=769942017-04-30T22:48:28ZGiovanni Manghigiovanni.manghi@gmail.com
<ul><li><strong>Easy fix?</strong> set to <i>No</i></li></ul> QGIS Application - Feature request #8180: Encryption of Passwords in qgs fileshttps://issues.qgis.org/issues/8180?journal_id=815492017-08-11T14:02:04ZJürgen Fischerjef@norbit.de
<ul><li><strong>Duplicated by</strong> <i><a class="issue tracker-2 status-5 priority-4 priority- closed" href="/issues/17009">Feature request #17009</a>: Encypted password in registry</i> added</li></ul>