From kde-core-devel Thu Sep 04 12:24:39 2003 From: Martijn Klingens Date: Thu, 04 Sep 2003 12:24:39 +0000 To: kde-core-devel Subject: Re: KWallet integration X-MARC-Message: https://marc.info/?l=kde-core-devel&m=106267833213176 On Thursday 04 September 2003 14:17, Jörg Walter wrote: > You forget the probability of unintentional application misbehaviour, i.e. > bugs. I wouldn't want any app be able to transmit my credit card > information to somewhere just because the app selected the wrong entry due > to an off-by-one error or whatever. If KWallet entries would include a flag > telling which app may use that entry (perhaps just the creating app), then > such errors (including simple automated exploitation attempts and some > attack scenarios relying on social engineering) would be blocked. > Installing a keylogger is much harder for an attacker than making some app > misbehave through invalid input. Given the current KWallet API and the way Kopete uses it I somewhat doubt this is needed, but George has the final word here... -- Martijn