Encrypt the password of email notifications.

General support for problems installing or using Deluge
Post Reply
shinger
Leecher
Leecher
Posts: 83
Joined: Sat Jun 05, 2010 1:02 pm

Encrypt the password of email notifications.

Post by shinger »

Hi,

I was just restoring my old configurations after a fresh install of the server and i saw that the password of my emailadress for notifications was not encrypted.

Code: Select all

{
  "file": 1, 
  "format": 1
}{
  "smtp_recipients": [
    "<EMAILADRESS>"
  ], 
  "smtp_enabled": true, 
  "subscriptions": {
    "email": [
      "TorrentFinishedEvent"
    ]
  }, 
  "smtp_port": <PORT>, 
  "smtp_host": "<SMTP HOST>", 
  "smtp_from": "<NAME>", 
  "smtp_user": "<EMAILADRESS>", 
  "smtp_pass": "<PASSWORD>", 
  "smtp_tls": true
}
===============================================================
Server: Rock 5B 8 Cores (ARM), 16 GB RAM, 2 TB 970 Evo +
OS: Linux Ubuntu 22.04 LTS
Deluge: v2.1.1
Plugins: Blocklist, LabelPlus, ItConfig, MyScheduler, Stats, Notifications, YaRSS2
bro
Top Bloke
Top Bloke
Posts: 364
Joined: Sun Aug 28, 2011 6:46 pm
Location: Norway

Re: Encrypt the password of email notifications.

Post by bro »

Any suggestions on how to do that?
When reporting issues, please include any relevant information such as OS (and version), python version (for Windows users this depends on which Deluge installer was used), Deluge version and plugin version.
shinger
Leecher
Leecher
Posts: 83
Joined: Sat Jun 05, 2010 1:02 pm

Re: Encrypt the password of email notifications.

Post by shinger »

Well if you look at the "auth" file, you see that the localclient has an encrypted password. Isn't it possible to use the same code for encryptying this file as well??
===============================================================
Server: Rock 5B 8 Cores (ARM), 16 GB RAM, 2 TB 970 Evo +
OS: Linux Ubuntu 22.04 LTS
Deluge: v2.1.1
Plugins: Blocklist, LabelPlus, ItConfig, MyScheduler, Stats, Notifications, YaRSS2
Cas
Top Bloke
Top Bloke
Posts: 3679
Joined: Mon Dec 07, 2009 6:04 am
Location: Scotland

Re: Encrypt the password of email notifications.

Post by Cas »

No that is a hash generated plain text password. Anything encrypted needs to be able to be decrypted...
shinger
Leecher
Leecher
Posts: 83
Joined: Sat Jun 05, 2010 1:02 pm

Re: Encrypt the password of email notifications.

Post by shinger »

Cas,

i'm no programmer, but isn't it possible that deluge encrypts it in the text file and once it needs it, that it decrypt it to stores it in like the cache/ram for max 1 minute or so. If everything is done, that it removes it from the cache. This would prevent first that the file is readable by others and the heavy load would be less, because of the 1 minute cache. So if there are more then 1 torrents that would finish in that 1 minute, then it doesn't have to decrypt it again to read it.

OR MAYBE, Once a day to empty the cache.
===============================================================
Server: Rock 5B 8 Cores (ARM), 16 GB RAM, 2 TB 970 Evo +
OS: Linux Ubuntu 22.04 LTS
Deluge: v2.1.1
Plugins: Blocklist, LabelPlus, ItConfig, MyScheduler, Stats, Notifications, YaRSS2
Cas
Top Bloke
Top Bloke
Posts: 3679
Joined: Mon Dec 07, 2009 6:04 am
Location: Scotland

Re: Encrypt the password of email notifications.

Post by Cas »

The issue here is the security of your server, if someone has access to the files then no encryption will help because if Deluge can decrypt it then getting the encryption key from Deluge code is trivial. This applies to all applications that need to store passwords for another service.

I think the best solution is application-specific passwords that if compromised can be revoked (very useful for mobile devices): https://support.google.com/accounts/answer/185833?hl=en
Post Reply