General :
K-Meleon Web Browser Forum
First, I'd like to commend developers and testers for your great job on KM =). Finally, I worthy alternative to this IE / Netscape crap!
On to my question, I was wondering where my passwords from websites are stored and how I can edit (remove / add) entries.
Thx! Continue with the great work
they're in the file in your profile folder that has eight random characters and an '.s' extension... you can edit it carefully; it's easier if you have a text editor that will recognize *NIX line termination, though... IIRC, notepad displays it as one line.
Wow, pretty complicated. Better watch what I save to the password manager, i guess.
deleting an entry isn't complicated (unless you're viewing it in notepad with word-wrap on, in which case it becomes kind of a simulated hex-editor experience...); you just remove one block, along with ONE (1) of the full-stop (.) characters above and/or below it. that seems to work fine.
i've never tried altering the contents beyond deleting a block... the login information gets encrypted in a way that's effective at keeping you from working with it, but is probably much too weak to actually keep someone who really wanted to crack it from doing so... oh well.
po, the general rule is that if you have a program that can access the encrypted data without any input from you (passphrase, encryption key, etc.), then the data might as well be cleartext. If the program can access it, then anyone else can, also.
I wrote a little perl script that checks my mail on a POP server. To do this, it needs my password. I didn't want to type it in each time, so I stored it in a file, "encrypted" with a random little algorithm I made up. The only purpose of the "encryption" is to keep people from immediately seeing my password if they get access to that file. But if they have access to the file, they also have access to the program that reads it. Run the relevant portion of the program on the file, and you have my password. There's no way around that.
That's why I tend to shy away from password-saving mechanisms in any application. With them, your password is only as secure as the access permissions on the file it's stored in.
yup... and that being the case, and with the assumption that one's not storing anything terribly important in the file, it would be nice if there was an option to skip the whole charade for the purpose of making it easier to hand-edit the file... and come to think of it, i suppose there could be a pref for that... i haven't actually checked.
i will when i wake up a little more, i think.
Ah. What I worry about is, what if I type in the wrong pword. Now I know how to wipe it if I do.
(my cats don't use the computer...)
General discussion about K-Meleon
Password Manager
Posted by:
Ca|ibur
Date: July 12, 2002 02:28AM
First, I'd like to commend developers and testers for your great job on KM =). Finally, I worthy alternative to this IE / Netscape crap!
On to my question, I was wondering where my passwords from websites are stored and how I can edit (remove / add) entries.
Thx! Continue with the great work
Re: Password Manager
Posted by:
po
Date: July 12, 2002 04:52AM
they're in the file in your profile folder that has eight random characters and an '.s' extension... you can edit it carefully; it's easier if you have a text editor that will recognize *NIX line termination, though... IIRC, notepad displays it as one line.
Re: Password Manager
Posted by:
Ca|ibur
Date: July 13, 2002 04:11AM
Wow, pretty complicated. Better watch what I save to the password manager, i guess.
Re: Password Manager
Posted by:
po
Date: July 13, 2002 04:30AM
deleting an entry isn't complicated (unless you're viewing it in notepad with word-wrap on, in which case it becomes kind of a simulated hex-editor experience...); you just remove one block, along with ONE (1) of the full-stop (.) characters above and/or below it. that seems to work fine.
i've never tried altering the contents beyond deleting a block... the login information gets encrypted in a way that's effective at keeping you from working with it, but is probably much too weak to actually keep someone who really wanted to crack it from doing so... oh well.
Re: Password Manager
Posted by:
Mark
Date: July 13, 2002 02:06PM
po, the general rule is that if you have a program that can access the encrypted data without any input from you (passphrase, encryption key, etc.), then the data might as well be cleartext. If the program can access it, then anyone else can, also.
I wrote a little perl script that checks my mail on a POP server. To do this, it needs my password. I didn't want to type it in each time, so I stored it in a file, "encrypted" with a random little algorithm I made up. The only purpose of the "encryption" is to keep people from immediately seeing my password if they get access to that file. But if they have access to the file, they also have access to the program that reads it. Run the relevant portion of the program on the file, and you have my password. There's no way around that.
That's why I tend to shy away from password-saving mechanisms in any application. With them, your password is only as secure as the access permissions on the file it's stored in.
Re: Password Manager
Posted by:
po
Date: July 13, 2002 07:14PM
yup... and that being the case, and with the assumption that one's not storing anything terribly important in the file, it would be nice if there was an option to skip the whole charade for the purpose of making it easier to hand-edit the file... and come to think of it, i suppose there could be a pref for that... i haven't actually checked.
i will when i wake up a little more, i think.
Re: Password Manager
Posted by:
Arual the Wyrd
Date: July 14, 2002 12:21AM
Ah. What I worry about is, what if I type in the wrong pword. Now I know how to wipe it if I do.
(my cats don't use the computer...)
English