12-15-2010, 12:16 PM | #1 |
Nameless Being
|
Hide email password
Currently when you set up a mail account, your password is displayed on plain text, once you hit the "Test email" button. Is it possible to hide it?
|
12-15-2010, 12:20 PM | #2 |
creator of calibre
Posts: 43,860
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
test email is explicitly for debugging, that is why the password is shown. Note that hiding the password in that dialog doesn't make your password secure in any fashion. The user can just click show password in the config dialog
|
Advert | |
|
12-15-2010, 12:28 PM | #3 |
Nameless Being
|
Actually once you put the password, anyone can go on the email preferences press the "show" checkbox and see it. This is very useful in the debugging version of the application but potentially disastrous for a user whose laptop is shared or stolen...
|
12-15-2010, 12:35 PM | #4 |
Grand Sorcerer
Posts: 11,742
Karma: 6997045
Join Date: Jan 2010
Location: Notts, England
Device: Kobo Libra 2
|
The problem, of course, is that the password must be sent in plain text to the mail service. That means that it must be convertible to plain text by calibre. That means that if the password is stored encrypted, the decryption algorithm will be plainly visible in the code. That means that no matter what is done, the password is not secure. So why bother?
The same argument is used against DRM. Why do it, because it can be cracked? The publishers are hoping that the buyers are ignorant. |
12-15-2010, 12:42 PM | #5 |
Nameless Being
|
With SSL or TLS capable servers I do not think the password is send over in plain text. I guess I am just asking to make it a little bit harder for anyone using my computer to see my most important password.
|
Advert | |
|
12-15-2010, 12:57 PM | #6 |
creator of calibre
Posts: 43,860
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
with SSL or TLS calibre still needs to know the original password, that is then encrytped by the transport layer. The same will be true of whatever email program you use.
If you are paranoid about your password, do not store it in any programs. |
12-15-2010, 08:46 PM | #7 |
Wizard
Posts: 1,759
Karma: 30063305
Join Date: Dec 2006
Location: Singapore
Device: Boyue
|
Why don't you register a new account on gmail or hotmail just for using with calibre. Or do you need the emails to come from a specific account.
|
12-16-2010, 04:32 AM | #8 |
Nameless Being
|
You bet I am paranoid about that specific password!
I think this is the most sensible solution. Otherwise the developer would have to hash the password for local storage, which can be tricky on an open source application. |
12-16-2010, 10:31 AM | #9 |
creator of calibre
Posts: 43,860
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
@iKarampa: FYI, hashing, whether in closed source or open source applications is *not* secure.
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Email password showing during Test email under Sharing? | Esquire1 | Calibre | 1 | 09-15-2010 02:50 AM |
Hide for Under a Dollar | koland | Deals and Resources (No Self-Promotion or Affiliate Links) | 2 | 06-11-2010 06:14 AM |
iLiad ipdf hide Toolbar | Fermthe | iRex Developer's Corner | 2 | 09-30-2008 04:05 PM |
Yahoo begins test of email service that looks more like desktop email programs | Bob Russell | Lounge | 2 | 09-18-2005 07:20 PM |
Verizon.net email...no email from countries outside the US? | Zire | Lounge | 4 | 02-19-2005 09:29 PM |