#17
Originally Posted by epage
I've got a security dilemma and would love to get the feedback of developers and users. How do you feel about storing username/password credentials in plaintext? Is there a better way to store this?

I've already been worrying over this with DialCentral. I've held off so far since it takes advantage of cookies (which expire with time though). Remember the Milk might also be fairly safe since it gives me a token. A stolen token has more limited ramifications, only works for the site, can't change password, and can be revoked.
I'm generally against it, but most of the stock Nokia apps do that anyway, and your e-mail/IM passwords are more valuable than RTM. I think you should at least provide a warning somewhere telling people not to use an important password. As we know, all bets are off when someone has physical access to your machine anyway, so I would just go with a warning, and at least obfuscate the password, so that someone just stumbling across it by accident won't see it right away. Maemo's security once you have the tablet in your hands is trivial anyway, but storing non-obfuscated passwords in GConf just seems silly. (I've had to force myself to remember not to look at certain GConf entries before, when friends gave me credentials, but didn't want me knowing them.)