From aa898d65fef0a8695e8412480146d1b6048771f2 Mon Sep 17 00:00:00 2001 From: Dominik Riebeling Date: Tue, 19 Mar 2013 22:20:23 +0100 Subject: Encode the password using base64 before storing it to the configuration file. There are two reasons for this: - QUrl::toEncoded() has problems with some characters like the colon and @. Those are not percent encoded, causing the string getting parsed wrongly when reading it back (see FS#12166). - The password is cleartext in the configuration file. While using base64 doesn't provide any real security either it's at least better than plaintext. Since this program is open source any fixed mechanism to obfuscate / encrypt the password isn't much help either since anyone interested in the password can look at the sources. The best way would be to eventually use host OS functionality to store the password. Change-Id: I6ac49d68211236e540b6ca16481e0e1c196532b7 --- rbutil/rbutilqt/rbutilqt.cpp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'rbutil/rbutilqt/rbutilqt.cpp') diff --git a/rbutil/rbutilqt/rbutilqt.cpp b/rbutil/rbutilqt/rbutilqt.cpp index c5cdeb1cf7..6ff80c3cc2 100644 --- a/rbutil/rbutilqt/rbutilqt.cpp +++ b/rbutil/rbutilqt/rbutilqt.cpp @@ -610,8 +610,12 @@ QUrl RbUtilQt::proxy() { QUrl proxy; QString proxytype = RbSettings::value(RbSettings::ProxyType).toString(); - if(proxytype == "manual") - proxy.setEncodedUrl(RbSettings::value(RbSettings::Proxy).toByteArray()); + if(proxytype == "manual") { + proxy.setUrl(RbSettings::value(RbSettings::Proxy).toString(), + QUrl::TolerantMode); + QByteArray pw = QByteArray::fromBase64(proxy.password().toUtf8()); + proxy.setPassword(pw); + } else if(proxytype == "system") proxy = System::systemProxy(); -- cgit v1.2.3