RFC: Moving KWallet Password dialog into Plasma
Aurélien Gâteau
aurelien.gateau at free.fr
Tue Jul 24 13:23:22 BST 2012
Le samedi 21 juillet 2012 10:40:17 Volker Krause a écrit :
> When looking at KWallet security and usability, there's another aspect that
> came up in discussions during Akademy: The "Do you want to allow application
> foo access your wallet?" dialog. It might give the impression that only
> certain "trusted" applications can access the wallet, which is totally
> misleading. The application name can trivially be faked, and the
> "allow/deny always" decision is simply stored in a plain text config file.
>
> I assume the intention of this was rather to give users the choice to not
> store data of well-known/well-behaving applications in the wallet (maybe due
> to security concerns). Kinda makes sense, but might be better solvable by a
> corresponding option on the application level (like web browsers do for
> example, and I think most Akonadi agents as well), instead of bothering me
> with yet another dialog when first using KWallet. This also avoids the
> false sense of security.
Killing this dialog would be good indeed. It always gets in the way of new
users and does not bring much.
Aurélien
More information about the kde-core-devel
mailing list