KDE Wallet Manager: Once a wallet is open an application has access to all passwords there?
1i5t5.duncan at cox.net
Wed Nov 13 15:24:23 GMT 2013
FF posted on Wed, 13 Nov 2013 14:47:18 +0100 as excerpted:
> A question about the wallet system that keeps me worried all morning:
> Once an application has gained access to a wallet... it has access to
> all passwords there, right?
> It this is correct, it appears to me that it would be too risky to
> allow different app providers access the passwords used by others... Why
> not let the app access just the "folder" it resquested to create?
Per-wallet access is why it's possible to create multiple wallets,
allowing you to partition information by wallet and only allow an app
access to the one with the information for that app.
AFAIK there's a more secure solution (or more convenient way to manage
multiple wallets/rings at the same security) based on freedesktop.org's
keyring management standard in kde frameworks five, but it's an API
change and thus wasn't appropriate for kde4, where the multiple wallets
solution is the standard way this is managed.
So for now (kde4), setup additional wallets and keep each app's data
separate in its own wallet, if you're worried about it, but a more
convenient (and cross-desktop) solution should be available in frameworks
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
This message is from the kde mailing list.
Account management: https://mail.kde.org/mailman/listinfo/kde.
More info: http://www.kde.org/faq.html.
More information about the kde