Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So what category does stored browser passwords fall? Because it sounds like " user specific application data " which is in AppData, which is the issue. But if that's not correct which of those locations is?


It should be in AppData. Gp is just a really weird unrelated rant.

ggp: unsandboxed AppData (unsandboxed filesystem in general, really) allowing everyone to read everyone else’s stuff is a security nightmare.

gp: stupid programmers don’t respect Windows’ simple scheme to place data in four different places!

What? Even if everyone places data correctly, they can still read everyone else’s stuff, as long as they belong to the same user. That’s the problem.


They belong to encrypted user credentials. https://support.microsoft.com/en-us/windows/accessing-creden....




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: