Re: Current network-password-saving feature needs improvement.
- From: David Wheeler <dwheeler ida org>
- To: gnome-devel-list gnome org, dwheeler ida org
- Subject: Re: Current network-password-saving feature needs improvement.
- Date: Fri, 19 Jul 2002 10:11:52 -0400
Rashmi Agrawal said:
> A seperate password is better than login password since one of the
> problems which comes up is intermediate
> password changing when the session is going on. Hence a seperate
> password say master password is needed.
That's not a problem if you use PAM. PAM can intercept all
password changes and re-encrypt the master password file.
Network transparency _IS_ a real issue, though.
Especially if you want to arrange things so that different
applications can only access "their" keys (so that a trojan
horse or buffer overflow in a user application
won't get _all_ the passwords; think of a web site with nasty
pages that causes the browser to run malicious code).
Perhaps there should be multiple ways of making the request -
a "local file" solution for non-GNOME applications, and a
CORBA (Orbit) interface that would support network transparency.
By the way, I've thought of a name for this thing...
the "Password Piggybank" (or just "piggybank" for short).
It's a little server that keeps your passwords safe.
--- David A. Wheeler
dwheeler ida org
] [Thread Prev