This may be a minor point, but I was browsing through the Firefox stored passwords, and noticed that it had my root password in there. This happened when I installed my printer via CUPS. It must have offered to remember the password and I clicked yes as usual. It's probably not a good idea to have root's password stored on your hard drive, even encrypted in Firefox. I just thought I'd point this out.
It's probably not a good idea to have root's password stored on your hard drive, even encrypted in Firefox.
It's not a good idea to have passwords stored at all. They can't "encrypt" your password because they still need to store the key to "decrypt" it somewhere, which defeats the point.
That's probably a good idea to use the master password. I've got a lot of info in Firefox. It is a bit of a security loophole though. Stored passwords are a godsend. The reason I was looking through them is because I got caught up in an eBay scam. Someone was selling a hifi for a great price, saying to email them personally to buy it now. I emailed them and then eBay removed it saying someone's account had been compromised and it was a scam. Now this person has my email address. I didn't send any money, but I've changed my registered email address and passwords.
Personally, I would have Firefox (or any other browser) never remember passwords. It's not that hard to type it every time, just a few extra keystrokes.
Go to Preferences -> Passwords and make sure the Remember Passwords box is unchecked, then clear all saved passwords, then whenever it offers to remember a password click Never For This Site.
And always "log out" or "sign out" when finished to erase cookies that might have ID/password combinations in them.
If someone gets access to your box, and your user account, they have your passwords.
What kind of encryption/hashing is used in Firefox? That would surprise me if you can decode an encrypted password.
I'm not sure I see a security problem in storing passwords in Firefox but I may be wrong.
Any scenario?
Maybe with XSS (Cross-Site Scripting) but I'm not even sure.
Well, like he says, if someone gets access to your user account, they can get the passwords. As user I can view them in Firefox. I'm not even sure they're encrypted. All I can do is set a master password or not use them at all.
Ah yes, you're right, I've missed the point.
Sure, I use a master password. But I'm still wondering if, by XSS, even with a master password, it is not possible to get your password, as they stay in memory for a while.