[Bug 136623] security issue - kmail uses cached password after closing the wallet manager

Michael Leupold lemma at confuego.org
Thu May 1 10:38:34 BST 2008


http://bugs.kde.org/show_bug.cgi?id=136623         




------- Additional Comments From lemma confuego org  2008-05-01 11:38 -------
It seems kwallet is supposed to work like that but the security options might seem a little obscure to users. In the settings dialog you have "Close when last application stops using it" which closes a wallet if it's no longer used. Of course if you have any other application keeping the wallet open it stays open and kmail can access it again after restarting.

So it basically boils down to 2 things you can do:
1) Close the wallet manually (having other applications using it reopen it)
2) Set a time-out for closing the wallet in the kwalletmanager settings.

I'm not sure how to handle this. Of course we could have every application accessing a wallet ask for the password but that doesn't seem like a good thing to do. I'd much rather be in favour of making the options clearer to the user in further releases.

What do you think?


