Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Software > Calibre

Notices

Reply
 
Thread Tools Search this Thread
Old 12-15-2010, 12:16 PM   #1
iKarampa
Member
iKarampa began at the beginning.
 
Posts: 10
Karma: 10
Join Date: Dec 2010
Device: Kindle
Exclamation Hide email password

Currently when you set up a mail account, your password is displayed on plain text, once you hit the "Test email" button. Is it possible to hide it?
iKarampa is offline   Reply With Quote
Old 12-15-2010, 12:20 PM   #2
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 24,803
Karma: 4369673
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
test email is explicitly for debugging, that is why the password is shown. Note that hiding the password in that dialog doesn't make your password secure in any fashion. The user can just click show password in the config dialog
kovidgoyal is online now   Reply With Quote
Old 12-15-2010, 12:28 PM   #3
iKarampa
Member
iKarampa began at the beginning.
 
Posts: 10
Karma: 10
Join Date: Dec 2010
Device: Kindle
Actually once you put the password, anyone can go on the email preferences press the "show" checkbox and see it. This is very useful in the debugging version of the application but potentially disastrous for a user whose laptop is shared or stolen...
iKarampa is offline   Reply With Quote
Old 12-15-2010, 12:35 PM   #4
chaley
"chaley", not "charley"
chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.
 
Posts: 4,699
Karma: 800142
Join Date: Jan 2010
Location: France
Device: PRS-300, Galaxy Nexus, Nexus 7, HTC Sensation, Galaxy Tab 10.1
The problem, of course, is that the password must be sent in plain text to the mail service. That means that it must be convertible to plain text by calibre. That means that if the password is stored encrypted, the decryption algorithm will be plainly visible in the code. That means that no matter what is done, the password is not secure. So why bother?

The same argument is used against DRM. Why do it, because it can be cracked? The publishers are hoping that the buyers are ignorant.
chaley is offline   Reply With Quote
Old 12-15-2010, 12:42 PM   #5
iKarampa
Member
iKarampa began at the beginning.
 
Posts: 10
Karma: 10
Join Date: Dec 2010
Device: Kindle
With SSL or TLS capable servers I do not think the password is send over in plain text. I guess I am just asking to make it a little bit harder for anyone using my computer to see my most important password.
iKarampa is offline   Reply With Quote
Old 12-15-2010, 12:57 PM   #6
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 24,803
Karma: 4369673
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
with SSL or TLS calibre still needs to know the original password, that is then encrytped by the transport layer. The same will be true of whatever email program you use.

If you are paranoid about your password, do not store it in any programs.
kovidgoyal is online now   Reply With Quote
Old 12-15-2010, 08:46 PM   #7
Dopedangel
Wizard
Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.Dopedangel ought to be getting tired of karma fortunes by now.
 
Dopedangel's Avatar
 
Posts: 1,063
Karma: 8498867
Join Date: Dec 2006
Location: Singapore
Device: Coolreader(Nexus 5)\Coolreader(Nook Touch)
Quote:
Originally Posted by iKarampa View Post
With SSL or TLS capable servers I do not think the password is send over in plain text. I guess I am just asking to make it a little bit harder for anyone using my computer to see my most important password.
Why don't you register a new account on gmail or hotmail just for using with calibre. Or do you need the emails to come from a specific account.
Dopedangel is offline   Reply With Quote
Old 12-16-2010, 04:32 AM   #8
iKarampa
Member
iKarampa began at the beginning.
 
Posts: 10
Karma: 10
Join Date: Dec 2010
Device: Kindle
You bet I am paranoid about that specific password!

Quote:
Originally Posted by Dopedangel View Post
Why don't you register a new account on gmail or hotmail just for using with calibre. Or do you need the emails to come from a specific account.
I think this is the most sensible solution. Otherwise the developer would have to hash the password for local storage, which can be tricky on an open source application.
iKarampa is offline   Reply With Quote
Old 12-16-2010, 10:31 AM   #9
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 24,803
Karma: 4369673
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
@iKarampa: FYI, hashing, whether in closed source or open source applications is *not* secure.
kovidgoyal is online now   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Email password showing during Test email under Sharing? Esquire1 Calibre 1 09-15-2010 02:50 AM
Hide for Under a Dollar koland Deals, Freebies, and Resources (No Self-Promotion) 2 06-11-2010 06:14 AM
iLiad ipdf hide Toolbar Fermthe iRex Developer's Corner 2 09-30-2008 04:05 PM
Yahoo begins test of email service that looks more like desktop email programs Bob Russell Lounge 2 09-18-2005 07:20 PM
Verizon.net email...no email from countries outside the US? Zire Lounge 4 02-19-2005 09:29 PM


All times are GMT -4. The time now is 12:56 AM.


MobileRead.com is a privately owned, operated and funded community.