encrypt passwords (ie. ng server & EMAIL!) in sabnzbd.ini

zifnab
Newbie
Posts: 13
Joined: January 20th, 2010, 5:06 am

Post by zifnab »

Hi.
I know this subject has already been discussed a bit.
Still, I did see the ng server password mentioned, but I would stress the email password, which is also in plaintext AND which is in my opinion WAY more sensitive and would IMHO urge more for action on this topic.
As a reminder, Gmail for example does require authentication for smtp, thus your full email account could get compromised.
Any user/app/script having access to the user session is able to pick those passwords way too easily.

I know that encryption is not that easy: if the program can decrypt, so can a dedicated guy who has access to the source code (as sabnzbd is open source).
Even then, I still think that obfuscation of the password is the way to go, as it can prevent 98% (give or take ;)) of usual ways to get it (as 2% have the knowledge & time to go through all the pain to pinpoint the way sabnzbd does it).
Moreover, I can think of ways to link the encryption to things/settings on the computer hosting sabnzbd (to obfuscate it a little bit more, still not a perfect solution either). If those uncommon things get changed, the decryption will fail to produce the proper password, authentication will fail, and you can then re-ask the user for the password(s) (shouldn't happen too often that way).

I hope you consider even basic obfuscation, despite not being perfect, as a good way to drastically reduce the population of people who can so easily get that sensitive info.

Thanks for your hard work & dedication to make sabnzbd the best ng client out there!
shypike
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: encrypt passwords (ie. ng server & EMAIL!) in sabnzbd.in

Post by shypike »

There are ways in Windows and OSX to tie encryption to the user account.
There aren't any generic methods for Linux systems to do the same.
To some extent this would be pseudo security.

We're definitely not going to implement DIY security measures.
For the more paranoid we could ask a decryption password at start up.
But I doubt if many users would appreciate the inconvenience.
sander
Release Testers
Posts: 8832
Joined: January 22nd, 2008, 2:22 pm

Re: encrypt passwords (ie. ng server & EMAIL!) in sabnzbd.in

Post by sander »

Hmm. Good point. I just tried on my Linux system, and as another user I can read the sabnzbd.ini with the newsserver password (I have no mail settings, so that is not a problem for me).

I'll now change the Linux rights so that the file (or directory) is not readable anymore.

So, OP, can you take care of it on the OS-level?

sander@R540:~$ su - felker
Password: 
felker@R540:~$ 
felker@R540:~$ 
felker@R540:~$ ll /home/sander/.sabnzbd/
total 56
drwxr-xr-x  4 sander sander  4096 2011-10-12 20:10 ./
drwxr-xr-x 97 sander sander 12288 2011-10-12 20:10 ../
drwxr-xr-x  3 sander sander  4096 2011-10-13 19:19 admin/
drwxr-xr-x  3 sander sander  4096 2011-10-09 20:44 logs/
-rw-r--r--  1 sander sander  4834 2011-10-12 20:10 sabnzbd.ini
-rw-r--r--  1 sander sander  4834 2011-10-12 08:12 sabnzbd.ini.bak
-rw-r--r--  1 sander sander  5021 2011-09-11 23:08 sabnzbd.ini.best-veel-servers
-rw-r--r--  1 sander sander  5187 2011-08-26 09:05 sabnzbd.ini.nogOKhopelijk

felker@R540:~$ head -5 /home/sander/.sabnzbd/sabnzbd.ini
__version__ = 19
[misc]
queue_complete = ""
https_port = 9090
folder_rename = 1
felker@R540:~$

sander
Release Testers
Posts: 8832
Joined: January 22nd, 2008, 2:22 pm

Re: encrypt passwords (ie. ng server & EMAIL!) in sabnzbd.in

Post by sander »

OK, done.

@shypike: I thought this default *ix rights setting on sabnzbd.ini was discussed (handled?) a few years ago? Or is that what you're referring to in your post?

As the owner I changed the rights:

sander@R540:~$ ll | grep sabnzbd
drwxr-xr-x  4 sander sander      4096 2011-10-12 20:10 .sabnzbd/

sander@R540:~$ chmod 700 .sabnzbd/

sander@R540:~$ ll | grep sabnzbd
drwx------  4 sander sander      4096 2011-10-12 20:10 .sabnzbd/
sander@R540:~$ 

... and then another user has no access anymore:

felker@R540:~$ ll /home/sander/.sabnzbd/
ls: cannot open directory /home/sander/.sabnzbd/: Permission denied
felker@R540:~$ 

felker@R540:~$ head -5 /home/sander/.sabnzbd/sabnzbd.ini
head: cannot open `/home/sander/.sabnzbd/sabnzbd.ini' for reading: Permission denied
felker@R540:~$ 
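
An added example (not part of sander's post and not SABnzbd code): a small shell audit that extends the chmod above to every file in the config directory, including copies such as the sabnzbd.ini.bak shown in the earlier listing. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SABnzbd code. Audits a config directory for group/other
# permission bits and can tighten the whole tree to owner-only.

# Print every path under $1 (the directory itself included) that grants any
# bit to group or other. POSIX find: "-perm -NNN" means "all bits in NNN set".
# Symlinks are skipped because their own mode bits are not meaningful.
exposed_paths() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of paths reported by exposed_paths.
count_exposed() {
    exposed_paths "$1" | wc -l | tr -d ' '
}

# Owner-only everywhere: directories 700, regular files 600.
lock_down() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Constructed demo tree with the same modes as the listing in the thread
# (directories 755, sabnzbd.ini and its backup copy 644). Prints its path.
make_demo_tree() {
    demo_root=$(mktemp -d)
    mkdir -p "$demo_root/.sabnzbd/admin" "$demo_root/.sabnzbd/logs"
    printf '__version__ = 19\n[misc]\n' > "$demo_root/.sabnzbd/sabnzbd.ini"
    cp "$demo_root/.sabnzbd/sabnzbd.ini" "$demo_root/.sabnzbd/sabnzbd.ini.bak"
    chmod 755 "$demo_root/.sabnzbd" "$demo_root/.sabnzbd/admin" "$demo_root/.sabnzbd/logs"
    chmod 644 "$demo_root/.sabnzbd/sabnzbd.ini" "$demo_root/.sabnzbd/sabnzbd.ini.bak"
    echo "$demo_root/.sabnzbd"
}

# Demo run on the constructed tree.
demo=$(make_demo_tree)
echo "as listed in the thread: $(count_exposed "$demo") paths with group/other bits"
# chmod 700 on the directory alone blocks other users, but the files inside
# keep mode 644 and are shielded only by the parent directory.
chmod 700 "$demo"
echo "after chmod 700 on the directory: $(count_exposed "$demo") paths"
lock_down "$demo"
echo "after lock_down: $(count_exposed "$demo") paths"
rm -rf "$(dirname "$demo")"
```

Pointing `exposed_paths` at a real config directory lists what would become readable again if the directory mode were ever relaxed or the tree copied elsewhere with its modes preserved.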
shypike
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: encrypt passwords (ie. ng server & EMAIL!) in sabnzbd.in

Post by shypike »

This is true, but I can still understand why people are not happy to ever
store passwords as plain text.