
#21 store passwords in gnome-keyring/seahorse

open
None
5
2012-03-16
2011-05-12
No

Storing passwords in gconf is insecure. This bug should be treated as MAJOR.

Discussion

  • Edward Mann

    Edward Mann - 2012-03-16
    • assigned_to: nobody --> emann
     
  • Edward Mann

    Edward Mann - 2012-03-16

    We don't store passwords in gconf; however, we do save them in the database, and they are stored in plaintext. I will do some research on how to store them encrypted. One way is to use a passphrase for the app that is used to encode/decode all the other passwords. If using it this way, when the app launches it will ask for your passphrase and will be able to decode the passwords that are stored.

    If you still use this app and have some more input, please feel free to post back.

     
  • Ildar Mulyukov

    Ildar Mulyukov - 2012-03-19

    Edward, GRCM being a connection manager, it should provide a way to use a password for numerous kinds of connections. But it doesn't. So a user has nothing to do but put passwords in Arguments, which compromises him in two ways:
    1. Passwords are stored in gconf, which is not supposed to be secure (e.g. any app can read any gconf value)
    2. Passwords are passed on the cmdline. As a result, those are seen in /proc via ps.

    Asking for passwords on every connect diminishes the whole idea of a connection manager.

    Thanks.

     
  • Ildar Mulyukov

    Ildar Mulyukov - 2012-04-25

    Migrated to remmina which supports this functionality. Sorry.
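
The command-line exposure raised in the thread (point 2 of the 2012-03-19 comment) can be audited by parsing the NUL-separated argv that /proc/<pid>/cmdline exposes. The following is an added example, not code from the ticket or from GRCM; the flag patterns, the program table and the sample data are illustrative assumptions, and the samples are constructed.

```python
import os
import re

# Illustrative patterns (assumptions, not a complete list of secret-bearing flags).
INLINE = re.compile(r"^(--?(?:password|passwd)=|/p:)(.+)$", re.I)
LONG_FLAGS = {"--password", "--passwd"}      # value is the next argument
SHORT_P_PROGRAMS = {"rdesktop", "sshpass"}   # -p is a password here; for ssh it is the port
URL_CRED = re.compile(r"^(\w+://[^:/@\s]+):[^@\s]+@")

def parse_cmdline(raw: bytes) -> list:
    """Split the NUL-separated argv format of /proc/<pid>/cmdline."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def redact(argv: list) -> tuple:
    """Return (argv with secrets masked, number of secrets found)."""
    prog = os.path.basename(argv[0]) if argv else ""
    out, hits, mask_next = [], 0, False
    for arg in argv:
        inline = INLINE.match(arg)
        if mask_next:
            out.append("<redacted>")
            hits, mask_next = hits + 1, False
        elif inline:
            out.append(inline.group(1) + "<redacted>")
            hits += 1
        elif arg in LONG_FLAGS or (arg == "-p" and prog in SHORT_P_PROGRAMS):
            out.append(arg)
            mask_next = True
        elif URL_CRED.match(arg):
            out.append(URL_CRED.sub(r"\1:<redacted>@", arg))
            hits += 1
        else:
            out.append(arg)
    return out, hits

def audit(samples: dict) -> dict:
    """Map pid -> redacted command line for each process exposing a secret."""
    findings = {}
    for pid, raw in samples.items():
        argv, hits = redact(parse_cmdline(raw))
        if hits:
            findings[pid] = " ".join(argv)
    return findings

# Constructed samples in /proc/<pid>/cmdline format (not real processes or credentials).
SAMPLES = {
    1201: b"/usr/bin/rdesktop\0-u\0alice\0-p\0example-pw\0host.example\0",
    1202: b"xfreerdp\0/u:alice\0/p:example-pw\0/v:host.example\0",
    1203: b"ssh\0-p\x002222\0alice@host.example\0",
    1204: b"curl\0ftp://alice:example-pw@host.example/file\0",
}
```

`audit(SAMPLES)` reports pids 1201, 1202 and 1204 with the secret masked and skips 1203, where `-p` is a port. The same functions accept the raw bytes read from a live /proc/<pid>/cmdline file.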

     
