Re: [Nautilus-list] Re: [PATCH] hide some sensitive information

From: Ramiro Estrugo <ramiro fateware com>
To: migras atlas uvigo es
Cc: nautilus-list lists eazel com
Subject: Re: [Nautilus-list] Re: [PATCH] hide some sensitive information
Date: Mon, 25 Jun 2001 07:00:00 -0700

2 questions about this patch:

1) Why use asterisks ?  I dunno offhand if its legal to use these in a
URI, but regardless.  Since the URI gets written to disk, it might be
confusing to use asterisks since these have special meaning to the unix
shell.  Even if Nautilus deals with it properly, its weird to look at a
file name with such characters.

2) Why 6 characters ?  Why not dup the whole uri, and then replace each
of the password characters with the obfuscating char ?  That way you
preserve the uri length, and probably make the operation a little
cleaner.

-re

Miguel Rodríguez Pérez wrote:
> 
> Miguel Rodríguez Pérez wrote:
> 
> > This patch just prevents nautilus from saving the password in the
> > URL's stores in ~/.nautilus/thumbnails.
> >
> > (As always any badly written/expressed english is the sole
> > responsability of the mailer program).
> 
> Well, there was a bug in the code..., so here goes an updated patch
> (this one works).
> (Learned lesson: never ever modify a patch after it is tested.)
> 
>   ------------------------------------------------------------------------
> Index: ChangeLog
> ===================================================================
> RCS file: /cvs/gnome/nautilus/ChangeLog,v
> retrieving revision 1.4660
> diff -d -u -r1.4660 ChangeLog
> --- ChangeLog   2001/06/18 19:36:24     1.4660
> +++ ChangeLog   2001/06/22 17:57:57
> @@ -1,3 +1,13 @@
> +2001-06-20  Miguel Rodríguez Pérez  <migras atlas uvigo es>
> +
> +       * libnautilus-private/nautilus-thumbnails.c (obfuscate_password):
> +       New function to look for a password in una uri and change it
> +       for 6 asterisks.
> +       (make_thumbnail_uri): Call obfuscate_passwd before generating the
> +       final uri.
> +       This prevents the password to be saved in cleartext in
> +       ~/.nautilus/thumbnails if the user accesses some remote server.
> +
>  2001-06-18  Ramiro Estrugo  <ramiro fateware com>
> 
>         * nautilus.spec.in:
> Index: libnautilus-private/nautilus-thumbnails.c
> ===================================================================
> RCS file: /cvs/gnome/nautilus/libnautilus-private/nautilus-thumbnails.c,v
> retrieving revision 1.22
> diff -d -u -r1.22 nautilus-thumbnails.c
> --- libnautilus-private/nautilus-thumbnails.c   2001/06/06 19:01:15     1.22
> +++ libnautilus-private/nautilus-thumbnails.c   2001/06/22 17:58:28
> @@ -121,6 +121,33 @@
>         return !uri_is_local (image_uri);
>  }
> 
> +/* this functions looks for a password in a uri and changes it for 6 '*' */
> +
> +static char *
> +obfuscate_password (const char *escaped_uri)
> +{
> +       const char *passwd_start, *passwd_end;
> +        char *new_uri, *new_uri_temp;
> +
> +       passwd_start = strchr (escaped_uri, ':');
> +       g_assert (passwd_start != NULL);
> +       passwd_start = strchr (passwd_start + 1, ':'); /* The fisrt ':' is for the protocol */
> +       if (passwd_start == NULL) { /* There's no password */
> +               return g_strdup (escaped_uri);
> +       }
> +       passwd_end = strchr (passwd_start, '@');
> +
> +       /* This URL has no valid password */
> +       if (passwd_end == NULL || passwd_start == NULL || passwd_end <= passwd_start) {
> +               return g_strdup (escaped_uri);
> +       } else {
> +               new_uri_temp = g_strndup (escaped_uri, passwd_start - escaped_uri);
> +               new_uri = g_strdup_printf ("%s:******%s", new_uri_temp, passwd_end);
> +               g_free (new_uri_temp);
> +               return new_uri;
> +       }
> +}
> +
>  /* utility routine that, given the uri of an image, constructs the uri to the corresponding thumbnail */
> 
>  static char *
> @@ -148,11 +175,13 @@
>                 GnomeVFSResult result;
>                 GnomeVFSURI *thumbnail_directory_uri;
> 
> -               char *escaped_uri = gnome_vfs_escape_slashes (directory_name);
> -               thumbnail_path = g_strdup_printf ("%s/.nautilus/thumbnails/%s", g_get_home_dir(), escaped_uri);
> +               char *escaped_uri = gnome_vfs_escape_slashes (directory_name);
> +               char *protected_uri = obfuscate_password (escaped_uri);
> +               g_free (escaped_uri);
> +               thumbnail_path = g_strdup_printf ("%s/.nautilus/thumbnails/%s", g_get_home_dir(), protected_uri);
>                 thumbnail_uri = gnome_vfs_get_uri_from_local_path (thumbnail_path);
>                 g_free (thumbnail_path);
> -               g_free(escaped_uri);
> +               g_free (protected_uri);
> 
>                 /* we must create the directory if it doesn't exist */
>

Follow-Ups:
- Re: [Nautilus-list] Re: [PATCH] hide some sensitive information
  - From: Miguel Rodríguez Pérez

References:
- [Nautilus-list] [PATCH hide some sensitive information
  - From: Miguel Rodríguez Pérez
- [Nautilus-list] Re: [PATCH] hide some sensitive information
  - From: Miguel Rodríguez Pérez

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]