Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'This warning is kind of overblown.' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
This warning is kind of overblown.
Authored by: rusto on Jul 15, '01 09:24:01AM
The password save "feature" is not obligitory, it is an option you can elect to choose or not. It is no more a security hole than keeping a text doc. on your computer with all your passwords listed. I had no problem seeing, reading and opting NOT to have XMorph save my admin password. There are alot of these hyper-active warnings about Xmorph at various Mac sites and I susptect many are originating from developers (friends of) the competing app, MetaMorphX.

Here is a quote from the developer at VersionTracker:

"This feature was put in so that you never have to enter your password in XMorph. XMorph will scan this file at start-up and get your password. It was put in as a feature in earlier versions, and is completely optional. If you don't want your password remembered, leave all fields blank, and the checkbox unchecked. The setup assistant warns you of this risk. Here is exactly what the warning says: Make sure you enter your administrative password. Selecting this option will mean never having to enter your password. This can be a security risk, and a copy of your password will be saved to the hard drive. MetaMorphX uses Cocoa's authentication manager, and requires you to enter your password every time. I simply added the feature so that you do not need to enter your password ever if you don't care about the security risks. To remove your password, go to password settings in the extras menu, uncheck "Remember my password" and leave all fields blank. I simply left the option to either remember your password or not. --Colin Cornaby I'd also like to mention anonoy_13 I believe is on the MetaMorphX development team. He si the author of the Unlined Series, and has been a part of the MetaMorphX project.  ,"

[ Reply to This | # ]
This is still a security hole
Authored by: spyro_le_dragon on Jul 16, '01 08:36:56AM
Whatever you say, storing a password in full text is a baaad thing. he could at least use some kind of encryption or code to make it unreadable, I would bet there also is a function in carbon and/or cocoa to allow the encryption of passwords. By the way if the system asks for a password every time, it's for a good reason and that shouldn't be bypassed. by the way please sign the X OUR way petition http://www.PetitionOnline.com/xourway/petition.html

[ Reply to This | # ]