[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: KWallet integration
From:       Martijn Klingens <klingens () kde ! org>
Date:       2003-09-04 12:24:39
[Download RAW message or body]

On Thursday 04 September 2003 14:17, Jörg Walter wrote:
> You forget the probability of unintentional application misbehaviour, i.e.
> bugs. I wouldn't want any app be able to transmit my credit card
> information to somewhere just because the app selected the wrong entry due
> to an off-by-one error or whatever. If KWallet entries would include a flag
> telling which app may use that entry (perhaps just the creating app), then
> such errors (including simple automated exploitation attempts and some
> attack scenarios relying on social engineering) would be blocked.
> Installing a keylogger is much harder for an attacker than making some app
> misbehave through invalid input.

Given the current KWallet API and the way Kopete uses it I somewhat doubt this 
is needed, but George has the final word here...

-- 
Martijn

[prev in list] [next in list] [prev in thread] [next in thread]