KWallet integration
Martijn Klingens
klingens at kde.org
Wed Sep 3 11:05:59 BST 2003
On Monday 01 September 2003 23:29, Tim Jansen wrote:
> IMHO this should be turned off completely by default. It does not add any
> additional security. If Kopete is malicious or the user has any other
> virus/ trojan horse running it will not help anyway, there are thousands of
> ways to get the passwords and the only thing that may prevent the attacker
> from doing this is the password encryption of the wallet.
> If the user has a password for the wallet, just ask for it and say that
> kopete requested it. If there is no password or the user already entered
> it, there should be no feedback at all. The idea of KWallet should be to
> make the user's live easier, not to display dialogs that people will stop
> reading after a while anyway.
Did you actually use Kopete with KWallet?
The dialog is not a yes/no message box, it asks for your KWallet password.
KWallet can't access your passwords without the password to unlock the wallet
and thus _needs_ to show the dialog.
And whereas I tend to agree that the dialog can be made less intrusive I don't
think KWallet should be disabled completely by default. On the contrary
rather, because KWallet certainly protects all passwords as long as you have
no applications using the wallet running. Protection against trojans and
viruses is impossible, but that is not the purpose of the wallet in the first
place.
--
Martijn
More information about the kde-core-devel
mailing list