[swift-users] Storing passwords in plaintext
Andrew Martin
amartin at xes-inc.com
Wed Feb 3 14:32:44 UTC 2016
----- Original Message -----
> From: "Kevin Smith" <kevin.smith at isode.com>
> To: "Andrew Martin" <amartin at xes-inc.com>
> Cc: swift-users at swift.im
> Sent: Wednesday, February 3, 2016 4:14:11 AM
> Subject: Re: [swift-users] Storing passwords in plaintext
>
> Hi Andrew,
>
> On 25 Jan 2016, at 18:20, Andrew Martin <amartin at xes-inc.com> wrote:
> > I recently discovered Swift and very excited about using it as it seems to
> > be a
> > mature, feature-rich XMPP client. However, I am concerned about the "save
> > password" checkbox, as it appears that it saves your password in plaintext
> > in
> > ~/.config/Swift/Swift.conf. I would expect it ton utilize the built-in OS
> > password-management system (e.g. KWallet on KDE or Windows Credential
> > Manager)
> > rather than storing the password in plaintext. Does Swift support the
> > ability
> > to safely store passwords, or can the "store password" functionality be
> > disabled entirely?
>
> Swift doesn’t support system keychains at the moment, but disabling password
> saving can be achieved by dropping a system-settings.xml alongside the swift
> binary with contents like, which will enable a mode where credentials are
> forgotten as soon as you log in (they’re also not stored in memory inside
> any of the Swift controllers or library)
>
> <settings>
> <forgetPassword>true</forgetPassword>
> </settings>
>
> Hope that helps.
>
> /K
Hi Kevin,
Thanks for the clarification - this is a good solution!
Andrew
More information about the swift-users
mailing list