Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#29 Inherent Security Bug

closed-duplicate
Bill Tompkins
None
5
2005-05-09
2005-04-01
Jim
No

When tools>preferences>logging>"log all instant
messages" is turned on, encrypted conversations are
stored in the filesystem in plain text. If a machine
was comprimised after a conversation then the contents
of the encrypted conversation could be discovered. I
don't know if this is a bug or if it was intentional
but it seems like it might deserve an option in the
plugin configuration to not log encrypted conversations.

Discussion

  • Bill Tompkins
    Bill Tompkins
    2005-05-09

    • assigned_to: nobody --> obobo
    • status: open --> closed-duplicate