CintaNotes Forum


http://cintanotes.com/forum/

warn! your proxy password is naked

http://cintanotes.com/forum/viewtopic.php?f=3&t=1522

Page 1 of 1

warn! your proxy password is naked

Posted: Sat Jan 26, 2013 3:36 pm
by assalqou
if you checked 'use proxy' option and typed your server, port, name and passwd,
You should check your 'cintanotes.setting' file.

there's proxy setting is stored like this
system.proxy = SERVER;PORT;USERNAME;PASSWORD;E
(that last character 'E' would mean 'E'nabled use proxy option)

you should know that PASSWORD is not encrypted.

Re: warn! your proxy password is naked

Posted: Wed Jan 30, 2013 1:02 pm
by CintaNotes Developer
Thanks for the warning!
Well since storing password hash in this case won't work (the program needs the password to connect, not just to check if it's correct),
a determined person will be able to crack the code anyway.
But I agree it is bad to store it in clear text.
In the next version we'll scramble it so that at least it will be required to disassemble CintaNotes to get the key used for encryption.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/