[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files
|
From: |
Tim Ruehsen |
|
Subject: |
[Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files |
|
Date: |
Sat, 5 Aug 2017 11:07:47 -0400 (EDT) |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0 |
Follow-up Comment #1, bug #51666 (project wget):
The files are read/write only to the user (in case you didn't protect your
home directory appropriately).
If you are still concerned, what about
~/.mozilla/firefox/*.default/SiteSecurityServiceState.txt and likely hundreds
or thousands of other files containing potential private information ?
Not thinking of your private keys lying around in .ssh/.
And even file dates and sizes are potential private data leaks.
While we could hash anything, it would be way safer for you to protect your
complete home directory.
We could think about an option, just in case you want to keep your HSTS cache
in a public space, e.g. /var. But we already think of using SQLite for storing
and maybe sharing with Firefox.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?51666>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/