Review Request: New Kwallet scheme for Khtml user-password form saving (enabling multiple accounts per site)
toddrme2178 at gmail.com
Mon Jul 4 12:26:25 BST 2011
On Thu, Aug 12, 2010 at 12:34 AM, Michael Leupold <lemma at confuego.org> wrote:
> Oswald Buddenhagen wrote:
>> On Tue, Aug 10, 2010 at 04:03:44PM +0200, Martin Sandsmark wrote:
>>> On Tue, Aug 10, 2010 at 08:48:03AM +0200, Oswald Buddenhagen wrote:
>>> > otoh, konqueror's current behavior is a royal PITA to use. there
>>> > should be some hierarchical treatment of urls with automatic
>>> > propagation of completion data to deeper nested directories (and a
>>> > manual way to propagate up).
>>> It's not given that they belong to the same page, though. So it will
>>> become a potential security hole, no?
>> i've yet to see a password secured site which lives in a subdirectory of
>> another password secured site and is not in the same administrative
>> domain ...
> Nowadays they are probably more of a corner case, but they still exist. Just
> think about university networks or smaller providers which let you log on on
> the frontpage and provide ~user subdirectories which are managed by the
> individuals owning the account.
> Apart from that there are other cases where you could have 2 different
> security providers on one domain which are managed by the same
> administrators, so no security problems but usability ones. Think about
> content management systems which have separate accounts for frontend and
> backend login.
> While I agree that this is probably not that common those cases should weigh
> in heavier regarding security. This doesn't mean we couldn't have a way for
> the user to explicitly configure it to ignore those issues.
Was a decision every made regarding this? I don't seem to see this
implemented in KDE 4.7 rc1, although I might have missed it somehow.
More information about the kde-core-devel