Review Request: Using KWallet to store Cookies

todd rme toddrme2178 at gmail.com
Tue Apr 19 16:55:54 BST 2011


On Tue, Apr 19, 2011 at 7:40 AM, Leo Savernik <l.savernik at aon.at> wrote:
> Am Freitag, 21. Januar 2011 schrieb José Millán Soto:
>> Currently cookies are stored in a plain text file. This patch allows
>> KCookieJar to store the cookies securely using KWallet.
>>
>> The main problem I had writing this patch was that when a web page is
>> requested, KIO ask for the cookies to kded using dbus. In the first
>> implementations that I wrote, if the user took too long to open the
>> wallet, KIO received a dbus timeout.
>>
>> To prevent this, if it takes more than 10 seconds to open the wallet, the
>> web page will be requested without sending the cookies (or sending the
>> available cookies if there's still the plain text cookie file). If the
>> wallet is opened after that, the cookies stored in the wallet will be
>> available since then.
>>
>> Because of this, the feature is disabled by default.
>
> Is this feature going to stay disabled by default?
>
> I'm asking for two reasons.
> 1. My partition is already encrypted. I don't need double encryption.
> 2. I'd really hate it if the KWallet password dialog pops up by simply
> browsing (while not logging on and not completing forms) as virtually any page
> uses cookies.

If someone knows enough to encrypted home partitions they probably
know enough to disable this feature as well.   I think the decision
about whether it should be enabled by default should be made based on
regular users who don't know as much.

-Todd




More information about the kde-core-devel mailing list