Password can be read in plain text


#1

I have noticed that the password for the synchronization target can be read in plain text in the database.sqlite file (Windows-Client). Also the texts in this file (which should be encrypted) are readable in plain text.
Is there a solution or is a troubleshooting planned for the near future?


#2

Also the texts in this file (which should be encrypted)

Please have a look at the doc as it’s not what end-to-end encryption does - https://joplin.cozic.net/e2ee/


#3

Just started using Joplin and I notice that the E2E and the WEBDAV passwords are stored in plaintext inside the settings table of the SQLite Database on the Windows version. I presume the same on Android.
I get that this is not what E2E is for and - personally I am syncing this to my own NAS using WebDAV so not worried about E2E but not too pleased that the credentials are in plain text. Do you have plans to resolve this either using an encrypted database format or just encrypting these specific values?
I realise whatever you do the encryption must be two-way so a hash is not suitable, but my concern is not making this bulletproof but preventing casual viewers reading the contents.


#4

I think this issue has been explained a thousand times in the forum and on github. If your system is compromised, everything else goes to !@#$ anyway, so what’s the point?


#5

Inclined to agree with @tessus here. As you’ve noted, it would only prevent casual viewers from glancing at the password, but if someone is in your system manually digging around in your Joplin profile database, I somehow doubt it’s still a casual viewer.

(Don’t get me wrong, I wouldn’t be against having additional encryption; I just don’t see this as such a pressing issue.)


#6

It is common best practice to not have passwords in plain text!
If my system is compromised then I don’t want my NAS compromised too. Personally, having now seen this, I have created a dedicated user/password in a separate area of my NAS just for Joplin.
Encrypting the database would be an obvious solution to this but is overkill from my perspective.
I do not keep my passwords in a notepad file on my PC! That would be crazy - what’s the difference?
I presume on Android and iOS you have device level encryption and sandboxing - not the same on Windows.


#7

I agree that plain text passwords are almost never a good idea. However in this case, I also agree with @zblesk that this issue is not a pressing one.

Security is a highly complex topic and it cannot be reduced to a single item. For example, people are supposed to use device or application passwords (tokens) instead of passwords. Should there be a problem, one can always revoke that token.
Full disk encryption is another important part.

In any case, if someone has physical access to your machine it’s over in 99% of all cases anyway. The same is true if someone has access to the hypervisor of virtualized servers. The adversary only has to dump the VM’s memory and search for passwords in the dump (even for the passwords of the full disk encryption for that VM).