View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003148||3 - Current Dev List||Bug||public||2019-02-01 18:11||2019-02-10 21:53|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||Fixed in Version||22.214.171.124|
|Summary||0003148: Digital Master formerly stored EQSL, QRZ passwords in plain text|
|Description||The digital master application, in previous versions, had built-in code to perform QRZ and EQSL call sign lookups. Passwords for these services were stored in the config file for the application, and were stored without encryption.|
While the code to perform lookups was moved to the logbook application, the configuration UI for the lookup feature remained in the application until recently. The settings management code remains.
|Tags||No tags attached.|
This checkin removes the eqSL and QRZ passwords, plus other settings that were written to the DM780 config file to support the lookup of callsigns back when DM780 included that feature. Now, DM780 relies on Logbook to provide the work.
My read of the config code is that it will read the file at startup, then write it out again at shutdown -- or any time that the setting are saved. My call is that the settings which are no longer defined aren't read (not kept in memory) and won't be re-written. So the issue of unprotected credentials lying around on disk will disappear the next time the user runs the application.
If this analysis is incorrect, we'll need to add code that seeks out the obsolete setting and erases them.
||I read the code and tested lookups in DM-780. They worked as expected.|
|2019-02-01 18:11||K7ZCZ||New Issue|
|2019-02-01 18:18||K7ZCZ||Note Added: 0007208|
|2019-02-01 18:19||K7ZCZ||Assigned To||=> K7ZCZ|
|2019-02-01 18:19||K7ZCZ||Status||new => resolved|
|2019-02-01 18:19||K7ZCZ||Resolution||open => fixed|
|2019-02-06 11:18||K7ZCZ||Fixed in Version||=> 126.96.36.199|
|2019-02-10 21:53||WA9PIE||Status||resolved => closed|
|2019-02-10 21:53||WA9PIE||Testing||Not Started => Beta Successful|
|2019-02-10 21:53||WA9PIE||Note Added: 0007349|