[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: KWallet integration
From:       Tim Jansen <tim () tjansen ! de>
Date:       2003-09-01 21:29:28
[Download RAW message or body]

On Monday 01 September 2003 23:03, Duncan Mac-Vicar Prett wrote:
> I don't know how this works under the scenes but I think the message could
> be changed to something more descriptive and less "panic" like
> "Kopete needs to retrieve a password from KDE Password Manager".

IMHO this should be turned off completely by default. It does not add any 
additional security. If Kopete is malicious or the user has any other virus/
trojan horse running it will not help anyway, there are thousands of ways to 
get the passwords and the only thing that may prevent the attacker from doing 
this is the password encryption of the wallet.
If the user has a password for the wallet, just ask for it and say that kopete 
requested it. If there is no password or the user already entered it, there 
should be no feedback at all. The idea of KWallet should be to make the user's 
live easier, not to display dialogs that people will stop reading after a 
while anyway.

bye...




[prev in list] [next in list] [prev in thread] [next in thread]