
Encrypt the password of email notifications.

Posted: Fri Sep 27, 2013 1:55 pm
by shinger
Hi,

I was just restoring my old configurations after a fresh install of the server and I saw that the password of my email address for notifications was not encrypted.


{
  "file": 1, 
  "format": 1
}{
  "smtp_recipients": [
    "<EMAILADRESS>"
  ], 
  "smtp_enabled": true, 
  "subscriptions": {
    "email": [
      "TorrentFinishedEvent"
    ]
  }, 
  "smtp_port": <PORT>, 
  "smtp_host": "<SMTP HOST>", 
  "smtp_from": "<NAME>", 
  "smtp_user": "<EMAILADRESS>", 
  "smtp_pass": "<PASSWORD>", 
  "smtp_tls": true
}

Re: Encrypt the password of email notifications.

Posted: Fri Sep 27, 2013 7:38 pm
by bro
Any suggestions on how to do that?

Re: Encrypt the password of email notifications.

Posted: Sat Sep 28, 2013 1:21 pm
by shinger
Well, if you look at the "auth" file, you see that the localclient has an encrypted password. Isn't it possible to use the same code for encrypting this file as well?

Re: Encrypt the password of email notifications.

Posted: Mon Sep 30, 2013 11:11 am
by Cas
No, that is a hash generated plain text password. Anything encrypted needs to be able to be decrypted...

Re: Encrypt the password of email notifications.

Posted: Thu Oct 03, 2013 1:31 am
by shinger
Cas,

I'm no programmer, but isn't it possible that Deluge encrypts it in the text file and, once it needs it, decrypts it to store it in something like the cache/RAM for max 1 minute or so? If everything is done, it removes it from the cache. This would first prevent the file from being readable by others, and the heavy load would be less because of the 1 minute cache. So if more than 1 torrent finishes in that 1 minute, it doesn't have to decrypt it again to read it.

OR MAYBE, Once a day to empty the cache.

Re: Encrypt the password of email notifications.

Posted: Thu Oct 03, 2013 3:16 pm
by Cas
The issue here is the security of your server: if someone has access to the files then no encryption will help, because if Deluge can decrypt it then getting the encryption key from Deluge code is trivial. This applies to all applications that need to store passwords for another service.

I think the best solution is application-specific passwords that if compromised can be revoked (very useful for mobile devices): https://support.google.com/accounts/answer/185833?hl=en
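
Since the thread concludes that the stored password is only as safe as access to the file, here is an added example (not from the thread or from Deluge's code) that parses a config in the two-object layout posted above and reports when a stored `smtp_pass` sits in a file readable by group or others. The function names and the sample file are assumptions made for illustration.

```python
import json
import os
import stat
import tempfile

SECRET_KEYS = {"smtp_pass"}  # key name taken from the config posted above


def load_conf(text):
    """Parse two back-to-back JSON objects: version header, then settings."""
    text = text.lstrip()
    decoder = json.JSONDecoder()
    header, end = decoder.raw_decode(text)
    settings, _ = decoder.raw_decode(text[end:].lstrip())
    return header, settings


def audit_conf(path):
    """Return findings for a config file that stores a reusable password."""
    with open(path, encoding="utf-8") as fh:
        _, settings = load_conf(fh.read())
    stored = sorted(k for k in SECRET_KEYS if settings.get(k))
    if not stored:
        return []
    findings = ["plaintext secret present: " + ", ".join(stored)]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file mode %o lets group/other read it; use 600" % mode)
    return findings


def demo():
    # Constructed sample in the posted file's shape; all values are fake.
    sample = ('{"file": 1, "format": 1}{"smtp_user": "user@example.test", '
              '"smtp_pass": "placeholder-not-a-real-password", "smtp_tls": true}')
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.conf")  # hypothetical file name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            results[mode] = audit_conf(path)
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(oct(mode), findings)
```

Even at mode 600 the first finding remains, which is why a revocable application-specific password limits the damage if the file is read anyway.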