[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: KWallet integration
From: Martijn Klingens <klingens () kde ! org>
Date: 2003-09-04 12:24:39
[Download RAW message or body]
On Thursday 04 September 2003 14:17, Jörg Walter wrote:
> You forget the probability of unintentional application misbehaviour, i.e.
> bugs. I wouldn't want any app be able to transmit my credit card
> information to somewhere just because the app selected the wrong entry due
> to an off-by-one error or whatever. If KWallet entries would include a flag
> telling which app may use that entry (perhaps just the creating app), then
> such errors (including simple automated exploitation attempts and some
> attack scenarios relying on social engineering) would be blocked.
> Installing a keylogger is much harder for an attacker than making some app
> misbehave through invalid input.
Given the current KWallet API and the way Kopete uses it I somewhat doubt this
is needed, but George has the final word here...
--
Martijn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic