Areca Backup / Bugs / #461 Password is stored as plain text in the configuration file

#461 Password is stored as plain text in the configuration file

Milestone: areca-7.x

Status: closed

Owner: nobody

Labels: password plain xml (1)

Priority: 3

Updated: 2015-02-17

Created: 2012-10-17

Creator: Paul

Private: No

The backup encryption password is stored as plain text in the settings xml file ('.bcfg')
I would like to see it stored encrypted to preserve the security of the backups.Thanks.

Discussion

SanskritFritz - 2012-10-17

If you check the backed up config file, you'll see that the password is not there. Areca only stores the password locally.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Paul - 2012-10-17
  
  Okay I see that is the case however storing the password locally in plain text is still a security risk, especially on XP. I was very surprised to see it there. Anyone with access to the local machine could potentially see the passwords. My request is that the password be encrypted within the application and stored that way in the local config file as it seems that the encryption code is present in the software already. I am asking this as an enhancement to a great piece of software.
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

aventin - 2013-08-21

Hi

This is available in v7.3.6

Best regards

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

aventin - 2013-08-21

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Password is stored as plain text in the configuration file

Group

Searches

Help

#461 Password is stored as plain text in the configuration file

Discussion