Dangerous information in xml files


Advanced search

Message boards : BOINC Manager : Dangerous information in xml files
Message board moderation

To post messages, you must log in.

AuthorMessage
Spok
Avatar

Send message
Joined: 14 Nov 05
Posts: 49
Czech Republic
Message 908 - Posted: 14 Nov 2005, 6:05:26 UTC

Hi everybody

I found in files 'client_state_prev.xml' and 'client_state_prev.xml' in BOINC root folder
my http proxy login name and password.
These information were in readable form (!!!), not coded, hashed, etc.
Anybody can suppose this name/pswd is used also for my Windows login and he will be right. In many companies login for proxy is automaticaly updated from login to domain.
Btw, these login informations are also included in
'slots/0/init_data.xml'
Don't like this situation. BOINC is now most unsecure software in my PC. Talking about company PC, where some people are allowed to use my PC, usually under my login. There is no other (easy) way, how these people can found my login name/paswd, except of BOINC.

Have a nice day,
Spok
ID: 908 · Report as offensive
Profile KSMarksPsych
Avatar

Send message
Joined: 30 Oct 05
Posts: 1239
United States
Message 964 - Posted: 18 Nov 2005, 13:46:03 UTC - in response to Message 908.  

Hi everybody

I found in files 'client_state_prev.xml' and 'client_state_prev.xml' in BOINC root folder
my http proxy login name and password.
These information were in readable form (!!!), not coded, hashed, etc.
Anybody can suppose this name/pswd is used also for my Windows login and he will be right. In many companies login for proxy is automaticaly updated from login to domain.
Btw, these login informations are also included in
'slots/0/init_data.xml'
Don't like this situation. BOINC is now most unsecure software in my PC. Talking about company PC, where some people are allowed to use my PC, usually under my login. There is no other (easy) way, how these people can found my login name/paswd, except of BOINC.

Have a nice day,
Spok



it's just me, but i don't have the same password to log onto my computer as i do for personal projects or sites. in fact, i have a different password for almost all of the sites i use because although i don't use my personal computer at work, i do access various sites on the public computers at work (there are only about 10 of us where i work).

i'm of the thinking that the harder it is for people to figure out my password, the better. and even if they do, then it's not going to work anywhere else but that site.

kathryn
Kathryn :o)
ID: 964 · Report as offensive
Spok
Avatar

Send message
Joined: 14 Nov 05
Posts: 49
Czech Republic
Message 969 - Posted: 18 Nov 2005, 21:47:17 UTC

Yes, I understand you very well. I also use different passwords for different purposes. But this is special case. It's my company notebook and by default my login password is also used as firewall password. I cannot change this rule.

Now I have only two possibilities: To risk somebody will find my password,
or to delete BOINC.

Btw: You know Dirac? I'm fairly surprised :]
ID: 969 · Report as offensive

Message boards : BOINC Manager : Dangerous information in xml files

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.