[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: storing HTTP/FTP passwords
From:       Sven Radej <sven () lisa ! exp ! univie ! ac ! at>
Date:       1999-12-18 9:08:43
[Download RAW message or body]

On Fri, 17 Dec 1999, Mario Weilguni wrote:
>Since Krash is out, can I start now to implement password caching?
>
>The question is how long to cache:
>1 only per application. E.g. if you quit konquerer and restart it, your
>passwords are gone. I don't really like that.
>
>2 only per KDE session. This would require some sort of password daemon, because
>saving passwords clear text on the disk is way to unsafe. The passwords can be
>safed on the disk, but need to be encrypted, and there must be a daemon you can
>ask for the key. Or does anybody knows a more secure way? But a extra daemon
>programm for this minimal functionality is overkill.
A universal password caching daemon would be very nice. It should be running
all the time during session, keeping passwords in memory and not on disk
(IIRC there is a mlock(2) call which disables saving of some pages to swap).
Optionally, daemon could offer saving passwords (PGP encrypted) on session end
and reloading them on beginning of next session, asking only for PGP
passphrase. If this could work together with SSH it would be wonderfull (SSH
asks for a password by starting X program "ssh-askpass"; we could offer the
program with same name which contacts our passwd daemon for password/passphrase.

-- 
Sven Radej      radej@kde.org
KDE developer   Visit http://www.kde.org

[prev in list] [next in list] [prev in thread] [next in thread]