Hello, I just found out the xfce4-mailwatch-plugin is storing it's password in plain text. Although i know pop3 is an unencrypted protocol, it's still better not to store a password in plain text, since it will just make things easier for an attacker to hack into other services you own. Especially with mail, this can lead to very bad things. Greets, Crypt0 (Tim de Gier@home.nl) "attachment" crypt0:/home/crypt0/.config/xfce4/panel# cat mailwatch-11885819891.rc [mailwatch-plugin] click_command= new_messages_command= normal_icon=xfce-nomail new_mail_icon=xfce-newmail log_lines=200 show_log_status=true [mailwatch] nmailboxes=1 mailbox0=pop3 mailbox_name0=timdegier [mailbox0] host=xxxx.xxxx.nl username=timdegier password=xxxxxpassword_is_herexxxxx auth_type=0 use_standard_port=1 nonstandard_port=0 timeout=600
Any obfuscation of the password would just lead to a false sense of security, since there's no way to actually 'encrypt' the password in such a way that others could not easily decrypt it (at least not without having a master password that has to be entered every time mailwatch starts). Normal unix permissions should keep other people on the system out. You shouldn't be using this plugin on a system where you don't trust the people with root access.
*** Bug 6062 has been marked as a duplicate of this bug. ***
*** Bug 7784 has been marked as a duplicate of this bug. ***