Re: Using Separate Keyring

[Jon Nettleton <jon nettleton gmail com>]

On Tue, 2006-06-27 at 11:46 -0400, Pat Suwalski wrote:
> Jon Nettleton wrote:
> > I think he is talking about the application acl dialog box, not the
> > password dialog.  This should happen once for each keyring item that is
> > accessed by nm-edit.  Selecting always allow should work so you are
> > never prompted to allow nm-edit to that keyring key again.  I started
> > work on a better way for gnome-keyring to handle multiple requests, but
> > have been pulled away from it.
> 
> I don't know how the gnome-keyring backend works, but it would be 
> super-handy if access to key items could be allowed by blanket access to 
> their parent keyring.
> 
> If nm-applet owns the cookie jar, from a user point of view, it 
> shouldn't need to ask for access each of the cookies. Perhaps there is 
> some technical reason why gnome-keyring couldn't do this.
> 
The reason it is not designed like this is for security.  If firefox
stores it's passwords in a keyring ( it doesn't yet ), and you download
random spyware/virus from the web and launch it, with the cookie jar
method the rogue program would have access to all your web passwords.
Right now you would get a pop up, or maybe twenty that ask if that
random program should be allowed to get this information.  

Then interface that I started working on for the ACL dialog doesn't
completely fix this problem, but intends to reduce the confusion.
Envision that for a single application to access all items in a keyring
you will get a dialog that pops up that has all the items listed with
checkboxes next to them.  Then you will have buttons for allow to
selected for this session, always, deny.  Anyways you kind of get the
idea.

> --Pat