Re: Current network-password-saving feature needs improvement.



ERDI Gergo <cactus cactus rulez org> writes:
> 
> While reading the Sun security report (which is great to have, btw), I had
> this idea of a low-tech, localized (i.e. it doesn't require rewriting code
> in lots of places) solution, which is to modify GConf to support
> memory-only keys. That is, a special schema flag would make GConf not save
> a key's value to disk. So when you use the first app that wants your HTTP
> proxy password (or any other password), you type it in, the app sets the
> GConf key, and gconfd remembers it so other apps can access it -- but only
> until you log out.
> 
> Does this make any sense?
> 

I'd like to see something much simpler and more possible to audit than
that for passwords.

Havoc



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]