bad feature
Dawit A.
adawit at kde.org
Fri Oct 25 02:41:39 BST 2002
On Thursday 24 October 2002 14:30, Keunwoo Lee wrote:
> On Wed, 23 Oct 2002, Thomas Zander wrote:
> > > On Mit, 23 Okt 2002, Thomas Zander wrote:
> > > > Since some time konqueror clears the password fields so I can't press
> > > > back and re-commit. I know this feature from IE and always hated it,
> > > > its just very bad for usability.
> > >
> > > But its very good for security :)
> >
> > I disagree; its a false sense of security. If only since session cookies
> > are still available. Now; if you empty the password field when a cookie
> > that is set as a result of that form is expired; then it makes sense. Now
> > its just annoying and does not add any security.
> >
> > Again; closing konqueror (or even logging out of X) is the only way you
> > can be 'secure' in this matter.
>
> Actually, KDE stores cookies in a separate process (the kcookiejar),
Right.
> and closing Konqueror doesn't wipe the cookies.
Wrong. True that was the case before, but starting with KDE 3.1 session
cookies are properly treated as such. Infact there is even a feature to allow
you to treat "all cookies" as session cookies so that they are deleted when
you close konqueror. Of course there still might be bugs, but those should
be reported so they can get fixed.
Regards,
Dawit A.
More information about the kfm-devel
mailing list