<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 solid;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="http://git.reviewboard.kde.org/r/101241/">http://git.reviewboard.kde.org/r/101241/</a>
</td>
</tr>
</table>
<br />
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">No review of your patch. Rather a question about it's usefulness: Why do you think cookies should be stored in KWallet? What is the threat model?
The main reason for storing passwords in KWallet is that KWallet remembers all of those passwords for you. The additional encryption is just a side benefit. Most people wouldn't mind if the encryption was missing and they'd be right because KWallet cannot protect your passwords from somebody who has gained access to your computer (either physically or remote). The only protection KWallet really offers is against hardware theft, i.e. if your laptop is stolen then your passwords are still safe (provided your master password is strong). But for this threat model harddisk encryption is a much better solution.
So, why do you think cookies should be stored in KWallet? They are already remembered. So, KWallet's main use case (serving as external memory) cannot be the reason. Who do you want to protect your cookies from?
An attacker hacking your computer? If he owns your computer then KWallet won't help you a bit.
A thief stealing your laptop? You should seriously think about harddisk encryption.
Your wife/husband/parents/children? KWallet won't really give you additional protection over the protection offered by normal user account management. If separate user accounts do not give you enough protection, i.e. if your wife/husband/parents/children is/are tech-savvy, then KWallet won't help because physical access trumps any protection KWallet can offer.
I'm not opposed to storing cookies in KWallet. I just think that it makes no sense.</pre>
<br />
<p>- Ingo</p>
<br />
<p>On April 27th, 2011, 1:37 a.m., José Millán Soto wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" style="background-image: url('http://git.reviewboard.kde.org/media/rb/images/review_request_box_top_bg.png'); background-position: left top; background-repeat: repeat-x; border: 1px black solid;">
<tr>
<td>
<div>Review request for kdelibs.</div>
<div>By José Millán Soto.</div>
<p style="color: grey;"><i>Updated April 27, 2011, 1:37 a.m.</i></p>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Currently cookies are stored in a plain text file. This patch allows KCookieJar to store the cookies securely using KWallet.
This patch is based on the one available at https://svn.reviewboard.kde.org/r/4927/diff/5/
The main difference between this one and the previous one is that there is no longer a timeout, as delayed DBus messages are used.</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>kioslave/http/kcookiejar/kcookiejar.h <span style="color: grey">(896cab7)</span></li>
<li>kioslave/http/kcookiejar/kcookiejar.cpp <span style="color: grey">(b9d5c27)</span></li>
<li>kioslave/http/kcookiejar/kcookieserver.h <span style="color: grey">(e6d5658)</span></li>
<li>kioslave/http/kcookiejar/kcookieserver.cpp <span style="color: grey">(dbd9bf8)</span></li>
</ul>
<p><a href="http://git.reviewboard.kde.org/r/101241/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>