Security issue with stored password


I just downloaded and played with Coccinella and it looks great. I then started evaluating security aspects and my first question was "how and where does Coccinella store the passwords on the local machine?"

To my big surprise, I found out that the passwords are not encrypted and are stored as plain text in the following file:

C:\Documents and Settings\...\Application Data\Coccinella\preferences.rdb

I believe you should store passwords using an encryption algorithm such as Triple DES, for example.



If malicious people can read your preferences.rdb file, they can copy the file with the encrypted password and log in to your account, can't they? So what's the additional security advantage you get? Isn't it better to encrypt (a part of) your file system and always lock your computer screen (or turn off your computer)? Wouldn't that be a much safer and stronger protection?