Re: Current network-password-saving feature needs improvement.



On Thu, 2002-08-01 at 17:17, Mikael Hallendal wrote:
> tor 2002-08-01 klockan 21.31 skrev ERDI Gergo:
> > Hi,
> 
> Hi!
> 
> > While reading the Sun security report (which is great to have, btw), I had
> > this idea of a low-tech, localized (i.e. it doesn't require rewriting code
> > in lots of places) solution, which is to modify GConf to support
> > memory-only keys. That is, a special schema flag would make GConf not save
> > a key's value to disk. So when you use the first app that wants your HTTP
> > proxy password (or any other password), you type it in, the app sets the
> > GConf key, and gconfd remembers it so other apps can access it -- but only
> > until you log out.
> 
> Other than GConf having the possibility to store passwords (in a
> Key/Value-sort-of-way), why should passwords be stored in GConf in the
> first place?
> 
> I think it's kinda backwards to change GConf in order to store something
> it wasn't meant for in it.
> 

If not in GConf, then where should applications store passwords if the
user wants the passwords saved? I don't think it makes sense for every
application to have to have their own little bits to encrypt the
password and store it somewhere supposedly safe.

Julian




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]