Don't store passwords in keyring item attributes



Item attributes in gnome-keyring are used to lookup password items.
Think of them as the primary key for the item. They are not stored in a
secure manner on disk. Do not store anything secret or sensitive in item
attributes.

I found an instance of this being done today.

The above also applies to libsecret, the Secret Service DBus API, and
ksecretservice. In addition, this has always been the case with
gnome-keyring, and is not something new.

The libsecret documentation and Secret Service API documentation are
explicit about this. I've added warnings to the libgnome-keyring
documentation as well. These warnings probably should have been there
from the beginning :S

Cheers,

Stef


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]