desktop-packages team mailing list archive

Thread
Date

[Bug 42686] Re: audioscrobbler password saved as plaintext in gconf

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <42686@xxxxxxxxxxxxxxxxxx>
Date: Tue, 18 Oct 2011 01:53:09 -0000
Reply-to: Bug 42686 <42686@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: rhythmbox
       Status: New => Expired

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to rhythmbox in Ubuntu.
https://bugs.launchpad.net/bugs/42686

Title:
  audioscrobbler password saved as plaintext in gconf

Status in The Rhythmbox Music Management Application:
  Expired
Status in “rhythmbox” package in Ubuntu:
  Triaged

Bug description:
  When saving a password for audioscrobbler, it is saved in .gconf
  unencoded.  It appears in

  /home/kevinly/.gconf/apps/rhythmbox/audioscrobbler/%gconf.xml

  I realize that you should use different password for different
  websites, but some may inadvertantly set the user's (and thus su)
  password for their audioscrobbler password.

  A better option would be to store the md5 of the password instead
  since that is all last.fm requires for authorization. An optimal
  solution may be to use gnome-keyring instead of gconf.

To manage notifications about this bug go to:
https://bugs.launchpad.net/rhythmbox/+bug/42686/+subscriptions