Review Request: New Kwallet scheme for Khtml user-password form saving (enabling multiple accounts per site)
Michael Leupold
lemma at confuego.org
Wed Aug 11 23:34:37 BST 2010
Oswald Buddenhagen wrote:
> On Tue, Aug 10, 2010 at 04:03:44PM +0200, Martin Sandsmark wrote:
>> On Tue, Aug 10, 2010 at 08:48:03AM +0200, Oswald Buddenhagen wrote:
>> > otoh, konqueror's current behavior is a royal PITA to use. there
>> > should be some hierarchical treatment of urls with automatic
>> > propagation of completion data to deeper nested directories (and a
>> > manual way to propagate up).
>>
>> It's not given that they belong to the same page, though. So it will
>> become a potential security hole, no?
>>
> i've yet to see a password secured site which lives in a subdirectory of
> another password secured site and is not in the same administrative
> domain ...
Nowadays they are probably more of a corner case, but they still exist. Just
think about university networks or smaller providers which let you log on on
the frontpage and provide ~user subdirectories which are managed by the
individuals owning the account.

Apart from that there are other cases where you could have 2 different
security providers on one domain which are managed by the same
administrators, so no security problems but usability ones. Think about
content management systems which have separate accounts for frontend and
backend login.

While I agree that this is probably not that common, those cases should weigh
in heavier regarding security. This doesn't mean we couldn't have a way for
the user to explicitly configure it to ignore those issues.

Regards,
Michael
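
The scoping question discussed in this thread, as an added example (not part of the original message, and not KWallet or KHTML code): saved logins match only the directory they were stored for unless the user explicitly opted in to downward propagation, and prefix checks are done on whole path segments. The `SavedLogin` record, the function names and the `.example` hosts are assumptions made for illustration.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical record for one saved login; not KWallet's real storage schema.
struct SavedLogin {
    std::string host;
    std::string path;    // directory the form was saved for
    std::string user;
    bool propagateDown;  // set only by an explicit user choice
};

// True if `path` is `dir` itself or lies below it, compared on whole path
// segments so that "/~alice" does not cover "/~alicex".
bool isWithin(const std::string& dir, const std::string& path) {
    if (dir.empty() || path.compare(0, dir.size(), dir) != 0) return false;
    if (path.size() == dir.size()) return true;
    return dir.back() == '/' || path[dir.size()] == '/';
}

// Pick the login to offer for a form at host+path. An exact directory match
// wins; an entry saved higher up is used only if the user opted in for it,
// and then the deepest such entry is preferred. Returns nullptr if none.
const SavedLogin* loginFor(const std::vector<SavedLogin>& store,
                           const std::string& host, const std::string& path) {
    const SavedLogin* best = nullptr;
    for (const SavedLogin& e : store) {
        if (e.host != host) continue;
        if (e.path == path) return &e;
        if (e.propagateDown && isWithin(e.path, path) &&
            (!best || e.path.size() > best->path.size()))
            best = &e;
    }
    return best;
}

// Constructed sample data: a front-page login on a host with user-managed
// ~user directories, and a CMS with separate frontend and backend accounts.
std::vector<SavedLogin> sampleStore() {
    return {{"uni.example", "/", "alice", false},
            {"cms.example", "/", "editor", true},
            {"cms.example", "/admin", "root-cms", false}};
}

int main() {
    std::vector<SavedLogin> store = sampleStore();
    const SavedLogin* hit = loginFor(store, "uni.example", "/~mallory/login");
    std::printf("offer for /~mallory/login: %s\n", hit ? hit->user.c_str() : "(none)");
    return 0;
}
```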