Re: Showing gnome-keyring passwords in Seahorse [was: Proposal for Seahorse inclusion in GNOME 2.18]
- From: Nate Nielsen <nielsen-list memberwebs com>
- To: Alexander Larsson <alexl redhat com>
- Cc: uws+gnome xs4all nl, desktop-devel-list gnome org
- Subject: Re: Showing gnome-keyring passwords in Seahorse [was: Proposal for Seahorse inclusion in GNOME 2.18]
- Date: Mon, 11 Sep 2006 22:05:21 +0000 (GMT)
Alexander Larsson wrote:
> On Sun, 2006-09-10 at 23:40 +0000, Nate Nielsen wrote:
>> In particular I'd like to modify gnome-keyring-daemon so that there is a
>> a 'mode' of accessing items without accessing the secrets themselves,
>> and therefore not needing one of those nasty 'this application wants to
>> access this password' prompts for every single password in the users
>> gnome-keyring keyring.
>
> Interesting. However, isn't there a small security value in protecting
> just the fact that you have a password stored for a particular target?
Yes possibly, but I'd assume it's of very minor value. Your typical
system is littered with clues as to what URIs, network shares, email
accounts, etc... have been accessed.
> And anyway, you need to unlock the keyring at least, because all that
> information is stored encrypted.
Yes, so one password prompt rather than a waterfall of prompts. There
are of course multiple ways to solve this problem:
- Make the keyring manager processes 'privileged' with regard
to accessing secrets without a prompt. (IMO nasty, scary)
- Make the keyring manager process not access the actual
secrets unless needed, thus not incurring the prompt.
Personally I prefer the latter from a security and a 'just makes sense'
perspective. Until someone has a better idea...
Cheers,
Nate
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]