Review Request: Using KWallet to store Cookies

Dawit A adawit at kde.org
Tue Apr 19 17:35:39 BST 2011


On Tue, Apr 19, 2011 at 11:55 AM, todd rme <toddrme2178 at gmail.com> wrote:
> On Tue, Apr 19, 2011 at 7:40 AM, Leo Savernik <l.savernik at aon.at> wrote:
>> On Friday, 21 January 2011, José Millán Soto wrote:
>>> Currently cookies are stored in a plain text file. This patch allows
>>> KCookieJar to store the cookies securely using KWallet.
>>>
>>> The main problem I had writing this patch was that when a web page is
>>> requested, KIO asks kded for the cookies using dbus. In the first
>>> implementations that I wrote, if the user took too long to open the
>>> wallet, KIO received a dbus timeout.
>>>
>>> To prevent this, if it takes more than 10 seconds to open the wallet, the
>>> web page will be requested without sending the cookies (or sending the
>>> available cookies if there's still the plain text cookie file). If the
>>> wallet is opened after that, the cookies stored in the wallet will be
>>> available from then on.
>>>
>>> Because of this, the feature is disabled by default.
>>
>> Is this feature going to stay disabled by default?
>>
>> I'm asking for two reasons.
>> 1. My partition is already encrypted. I don't need double encryption.
>> 2. I'd really hate it if the KWallet password dialog pops up by simply
>> browsing (while not logging on and not completing forms) as virtually any page
>> uses cookies.
>
> If someone knows enough to encrypt home partitions they probably
> know enough to disable this feature as well. I think the decision
> about whether it should be enabled by default should be made based on
> regular users who don't know as much.

No. It will not be enabled by default. For one, having this be the
default requires extra steps just to browse some website. Yes, I
consider being prompted for your wallet's password "extra steps" when
all you want to do is browse a web site. Second, having cookies stored
in a kwallet is the least of issues that should concern most users who
store their valuable information on usb keys which are easily lost.

Anyhow, even if this feature makes it into kcookiejar for 4.7, it will
not be the default.




More information about the kde-core-devel mailing list