Don't store passwords in keyring item attributes
- From: Stef Walter <stefw gnome org>
- To: "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
- Cc: Cross-desktop authentication and single sign-on <authentication lists freedesktop org>, "desktop-devel-list gnome org" <desktop-devel-list gnome org>
- Subject: Don't store passwords in keyring item attributes
- Date: Fri, 17 Aug 2012 12:52:26 +0200
Item attributes in gnome-keyring are used to lookup password items.
Think of them as the primary key for the item. They are not stored in a
secure manner on disk. Do not store anything secret or sensitive in item
attributes.
I found an instance of this being done today.
The above also applies to libsecret, the Secret Service DBus API, and
ksecretservice. In addition, this has always been the case with
gnome-keyring, and is not something new.
The libsecret documentation and Secret Service API documentation are
explicit about this. I've added warnings to the libgnome-keyring
documentation as well. These warnings probably should have been there
from the beginning :S
Cheers,
Stef
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
