On Thursday 04 September 2003 14:17, Jörg Walter wrote:
> You forget the probability of unintentional application misbehaviour, i.e.
> bugs. I wouldn't want any app be able to transmit my credit card
> information to somewhere just because the app selected the wrong entry due
> to an off-by-one error or whatever. If KWallet entries would include a flag
> telling which app may use that entry (perhaps just the creating app), then
> such errors (including simple automated exploitation attempts and some
> attack scenarios relying on social engineering) would be blocked.
> Installing a keylogger is much harder for an attacker than making some app
> misbehave through invalid input.

Given the current KWallet API and the way Kopete uses it I somewhat doubt this 
is needed, but George has the final word here...

-- 
Martijn