diff options
| author | Dominik Riebeling <Dominik.Riebeling@gmail.com> | 2013-03-19 22:20:23 +0100 |
|---|---|---|
| committer | Dominik Riebeling <Dominik.Riebeling@gmail.com> | 2013-03-19 22:47:50 +0100 |
| commit | aa898d65fef0a8695e8412480146d1b6048771f2 (patch) | |
| tree | 4839177614e34ff5b64dc5c0a2e3f17c897ce6e5 | |
| parent | 9965849765bb113801d2d4c93e07fc259d307f3e (diff) | |
| download | rockbox-aa898d65fef0a8695e8412480146d1b6048771f2.zip rockbox-aa898d65fef0a8695e8412480146d1b6048771f2.tar.gz rockbox-aa898d65fef0a8695e8412480146d1b6048771f2.tar.bz2 rockbox-aa898d65fef0a8695e8412480146d1b6048771f2.tar.xz | |
Encode the password using base64 before storing it to the configuration file.
There are two reasons for this:
- QUrl::toEncoded() has problems with some characters like the colon and @.
Those are not percent encoded, causing the string getting parsed wrongly when
reading it back (see FS#12166).
- The password is cleartext in the configuration file.
While using base64 doesn't provide any real security either it's at
least better than plaintext.
Since this program is open source any fixed mechanism to obfuscate /
encrypt the password isn't much help either since anyone interested in
the password can look at the sources. The best way would be to
eventually use host OS functionality to store the password.
Change-Id: I6ac49d68211236e540b6ca16481e0e1c196532b7
| -rw-r--r-- | rbutil/rbutilqt/configure.cpp | 34 | ||||
| -rw-r--r-- | rbutil/rbutilqt/rbutilqt.cpp | 8 |
2 files changed, 28 insertions, 14 deletions
diff --git a/rbutil/rbutilqt/configure.cpp b/rbutil/rbutilqt/configure.cpp index 3175ba4..0867673 100644 --- a/rbutil/rbutilqt/configure.cpp +++ b/rbutil/rbutilqt/configure.cpp @@ -135,17 +135,23 @@ void Config::accept() proxy.setPort(ui.proxyPort->text().toInt()); } - // QUrl::toEncoded() doesn't encode a colon in the password correctly, - // which will result in errors during parsing the string. - // QUrl::toPercentEncoding() does work as expected, so build the string to - // store in the configuration file manually. - QString proxystring = "http://" - + QString(QUrl::toPercentEncoding(proxy.userName())) + ":" - + QString(QUrl::toPercentEncoding(proxy.password())) + "@" - + proxy.host() + ":" - + QString::number(proxy.port()); - RbSettings::setValue(RbSettings::Proxy, proxystring); - qDebug() << "[Config] setting proxy to:" << proxy; + // Encode the password using base64 before storing it to the configuration + // file. + // There are two reasons for doing this: + // - QUrl::toEncoded() has problems with some characters like the colon and + // @. Those are not percent encoded, causing the string getting parsed + // wrongly when reading it back (see FS#12166). + // - The password is cleartext in the configuration file. + // While using base64 doesn't provide any real security either it's at + // least better than plaintext. + // Since this program is open source any fixed mechanism to obfuscate / + // encrypt the password isn't much help either since anyone interested in + // the password can look at the sources. The best way would be to + // eventually use host OS functionality to store the password. + QUrl p = proxy; + p.setPassword(proxy.password().toUtf8().toBase64()); + RbSettings::setValue(RbSettings::Proxy, p.toString()); + qDebug() << "[Config] setting proxy to:" << proxy.toString(QUrl::RemovePassword); // proxy type QString proxyType; if(ui.radioNoProxy->isChecked()) proxyType = "none"; @@ -239,7 +245,11 @@ void Config::abort() void Config::setUserSettings() { // set proxy - proxy.setEncodedUrl(RbSettings::value(RbSettings::Proxy).toByteArray()); + proxy.setUrl(RbSettings::value(RbSettings::Proxy).toString(), + QUrl::StrictMode); + // password is base64 encoded in configuration. + QByteArray pw = QByteArray::fromBase64(proxy.password().toUtf8()); + proxy.setPassword(pw); if(proxy.port() > 0) ui.proxyPort->setText(QString("%1").arg(proxy.port())); diff --git a/rbutil/rbutilqt/rbutilqt.cpp b/rbutil/rbutilqt/rbutilqt.cpp index c5cdeb1..6ff80c3 100644 --- a/rbutil/rbutilqt/rbutilqt.cpp +++ b/rbutil/rbutilqt/rbutilqt.cpp @@ -610,8 +610,12 @@ QUrl RbUtilQt::proxy() { QUrl proxy; QString proxytype = RbSettings::value(RbSettings::ProxyType).toString(); - if(proxytype == "manual") - proxy.setEncodedUrl(RbSettings::value(RbSettings::Proxy).toByteArray()); + if(proxytype == "manual") { + proxy.setUrl(RbSettings::value(RbSettings::Proxy).toString(), + QUrl::TolerantMode); + QByteArray pw = QByteArray::fromBase64(proxy.password().toUtf8()); + proxy.setPassword(pw); + } else if(proxytype == "system") proxy = System::systemProxy(); |