RFC: Moving KWallet Password dialog into Plasma

Aurélien Gâteau aurelien.gateau at free.fr
Tue Jul 24 13:23:22 BST 2012

Le samedi 21 juillet 2012 10:40:17 Volker Krause a écrit :

> When looking at KWallet security and usability, there's another aspect that
> came up in discussions during Akademy: The "Do you want to allow application
> foo access your wallet?" dialog. It might give the impression that only
> certain "trusted" applications can access the wallet, which is totally
> misleading. The application name can trivially be faked, and the
> "allow/deny always" decision is simply stored in a plain text config file.
> I assume the intention of this was rather to give users the choice to not
> store data of well-known/well-behaving applications in the wallet (maybe due
> to security concerns). Kinda makes sense, but might be better solvable by a
> corresponding option on the application level (like web browsers do for
> example, and I think most Akonadi agents as well), instead of bothering me
> with yet another dialog when first using KWallet. This also avoids the
> false sense of security.

Killing this dialog would be good indeed. It always gets in the way of new 
users and does not bring much.


More information about the kde-core-devel mailing list