kwallet and session-specific URLs
George Staikos
staikos at kde.org
Thu Sep 25 17:25:17 BST 2003
On Thursday 25 September 2003 07:33, Malte Starostik wrote:
> Hi,
>
> I noticed a minor problem with kwallet when logging in to sms.de:
> www.sms.de redirects to a URL like
> http://www-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.id.sms.de:80/
> where xxxxxxxxxxxxxxxxxxxxxxxxxx are hex characters. This string varies
> every(?) time you enter the page. Therefore, the stored username (no prob,
> filled in by cookie) and password (problem here) aren't filled in by konq as
> it doesn't find the URL in the wallet. I guess the same applies to
> session-ids in the URL's path for otherwise identical pages.
> I'm not sure how a somewhat fuzzy match could be done here without possibly
> leaking information to inappropriate sites, but maybe someone else has an
> idea?
That sounds like a really dumb design IMHO. Anyways, we have talked about
making per-domain/url settings for kwallet and I think we should just use
this to allow the user to disable it. Any chance you can try Safari and see
what it does with that url?
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
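The lookup problem discussed in this thread, as an added example that is not part of the original messages and is not kwallet or Konqueror code: an exact-host lookup misses a session-specific host name, a naive suffix match finds it but also matches a look-alike host, and a match on DNS label boundaries with the same scheme and port avoids both. All function names and the `.example` hosts are constructed, and the stored domain is assumed to be a registrable domain rather than a public suffix.

```javascript
// Added example; names are hypothetical and the data is constructed.
// One wallet entry, keyed on the domain the login was saved under.
const wallet = [
  { scheme: "http:", domain: "sms.example", port: "80", user: "demo-user" },
];

// URL.port is "" when the port is the scheme default, so normalise it.
function effectivePort(url) {
  if (url.port) return url.port;
  return url.protocol === "https:" ? "443" : "80";
}

// Exact host match: fails once the host carries a per-session label.
function exactMatch(entry, url) {
  return url.protocol === entry.scheme &&
    url.hostname === entry.domain &&
    effectivePort(url) === entry.port;
}

// Naive "fuzzy" match: plain string suffix, ignores label boundaries,
// scheme and port, so unrelated hosts ending in the same text match too.
function naiveSuffixMatch(entry, url) {
  return url.hostname.endsWith(entry.domain);
}

// Label-boundary match: the host must be the stored domain itself or a
// subdomain of it (preceded by a dot), with identical scheme and port.
function labelBoundaryMatch(entry, url) {
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const sameSite = host === entry.domain || host.endsWith("." + entry.domain);
  return sameSite &&
    url.protocol === entry.scheme &&
    effectivePort(url) === entry.port;
}

// Returns the stored user name for href, or null when nothing matches.
function lookup(matchFn, href) {
  const url = new URL(href);
  const hit = wallet.find((entry) => matchFn(entry, url));
  return hit ? hit.user : null;
}
```

The label-boundary match still trusts every subdomain of the stored domain, so it is only appropriate where all hosts under that domain belong to the same operator.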