On Thursday 10 June 2004 21:02, Stephen Gran wrote: > This one time, at band camp, Jean Darcoux said: > > Package: konqueror > > Version: 4:3.2.2-1 > > Severity: important > > Tags: security sarge > > > > If you enter an URL like > > > > ftp://USER:PASS@ftp.site.com > > > > in the URL bar and type enter. The next time you will type the same URL, > > you will see that the username and the password will be autocompleted. > > This indicate that they are stored somewhere on your computer. This can > > be a security problem in the case of a shared computer. > > You understand that linux is a _multi-user_ OS. So, setup seperate user > accounts, so that each person can have each of their settings and > history kept private. This information is most likely stored in the > users ~/.kde/, which is not world-readable here. It still shouldn't display the password part, there was a fix for that in bookmark handling if memory serves me right. I think it is a valid bug report concerning security. Cheers, Kevin
Attachment:
pgpTEv4RFXxE2.pgp
Description: signature