Linked by Eugenia Loli-Queru on Wed 23rd May 2007 00:46 UTC
Today, while I was trying to create a SIP Presence account for VoIPBuster, Pidgin kept crashing. I had to find its settings in my personal folder in order to manually edit the accounts.xml file and remove the entry (so Pidgin could start up again normally instead of keep crashing on load). When I opened the accounts.xml file with a plain text editor, all the passwords of all my accounts were listed out in the open in plain text. This is not a new issue, it was discussed many times before, but it can still be a surprise for most users.
Thread beginning with comment 242529
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2005-08-11
Member since:2007-01-20
Member since:
2007-01-20
That's correct. If it's a standard install on Windows, a Pidgin profile will be stored in %appdata% (which is roughly equivalent to a collection of the "dot" directories in the home directory on a *n?x).
That means that -- if "Documents and Settings" (or the custom equivalent) is on an NTFS drive -- non-administrator accounts can't access it, which is enough information for most people reading this to secure it without even touching NTFS ACLs (which is a sticky spider web itself, even if ultimately deviously fun).