On Thursday 04 September 2003 08:24, Martijn Klingens wrote:
> On Thursday 04 September 2003 14:17, Jörg Walter wrote:
> > You forget the probability of unintentional application misbehaviour,
> > i.e. bugs. I wouldn't want any app be able to transmit my credit card
> > information to somewhere just because the app selected the wrong entry
> > due to an off-by-one error or whatever. If KWallet entries would include
> > a flag telling which app may use that entry (perhaps just the creating
> > app), then such errors (including simple automated exploitation attempts
> > and some attack scenarios relying on social engineering) would be
> > blocked. Installing a keylogger is much harder for an attacker than
> > making some app misbehave through invalid input.
>
> Given the current KWallet API and the way Kopete uses it I somewhat doubt
> this is needed, but George has the final word here...

Any app can send the wrong information by accident. This is why we have folders. It keeps the data separate. Web forms are the only real collision case that I know of, and they populate the data in the form but do NOT send it automatically.

Anyways, I really don't have time to read this thread before it dies off and you guys all forget about it already. Can we get a kde-core-devel-kwallet-digest? :-)

Seriously, I don't want to have a "final word" here. However I don't have time to deal with speculation and unfounded criticism. If anyone wanted to do that, they missed their chance while I was at Nove Hrady. I was there for days after the paper was published and the talk was presented, and even after most of the code was in CVS. I am now extremely busy catching up after Nove Hrady so here is my policy regarding KWallet:

1) If you have a serious security or privacy concern, founded, and provably exploitable, please contact me directly and immediately. Note that after some research by Dirk and I, it seems that our implementation is far more secure than other existing implementations. I'm still open to suggestions though.

2) If you have a substantial improvement idea for the design or the implementation, first check kdeutils/kwallet/TODO, then email me, preferably with a patch, at least with the idea.

3) The UI probably needs lots of help and I doubt I would mind if some UI wizards did some cleanup. CCMAIL me the commits if you're feeling extra friendly.

4) If you have UI and usability complaints, do not send them my way unless you are prepared to back them up with comparisons against other such systems. Have a look at Apple's system, passport, or some other similar system. The only big difference we have at this point is that we don't reuse the system login password for the wallet password. I think you can agree with me that this is a bad idea for us to emulate.

5) API and application integration. If you think it's too difficult to integrate with your app, please tell me why and suggest an alternative approach. My goal is to keep almost all error handling inside libkwalletclient and kwalletd, and to keep the API very simple. If it's too simple, I can change it.

Thanks for your understanding with this.

--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/