From kde-core-devel Fri Aug 03 08:04:31 2001
From: Rob Kaper
Date: Fri, 03 Aug 2001 08:04:31 +0000
To: kde-core-devel
Subject: Re: Outstanding critical issue for KDE 2.2
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=99682595704314

On Thu, Aug 02, 2001 at 11:31:25PM +0200, Rolf Magnus wrote:
> > Even on multi-user systems, if the file is mode 600 it should not be a
> > problem anyway.
>
> You don't seem to know much about the security of nfs shares, do you? I
> don't either, but I know that it's easy for anyone to get the information.

Which is why one should consider not using NFS when security is an issue.
(now that the kio_sftp in kdenonbeta is working, a kiomount program would be
awesome)

I think supporting the noautocomplete tag (or whatever) is the best we can
do, aside from not storing any information from SSL forms at all. I've seen
several e-commerce sites that do indeed have 4 input fields of four digits
or ask you to enter your card info into a textarea, along with the expiry
date. None of these would get caught by any of our regexps.

For 2.2, just disable autocompletion for SSL forms altogether. That might be
overdoing it, but we cannot force a _decent_ solution this soon anyway.

For 3.0, I propose something like Mozilla's wallet: an encrypted file,
passphrase protected, which optionally stores entries that are entered
through input type password and https actions.

Rob
--
Rob Kaper     | Realize what happened to the dotcom industry before even
cap@capsi.com | thinking about implementing any dotnet technology.
www.capsi.com |
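
The difference between filtering values by regexp and skipping SSL forms entirely, as an added example that is not part of the original message and is not KDE code. The `Field` and `Form` types, the function names, the card-number pattern and the sample forms are all assumptions constructed for illustration; `no_autocomplete` stands in for whatever opt-out tag ends up supported.

```cpp
#include <iostream>
#include <regex>
#include <string>
#include <vector>

// Hypothetical model of a submitted form; not a KHTML/Konqueror type.
struct Field { std::string type; std::string value; bool no_autocomplete; };
struct Form  { std::string scheme; std::vector<Field> fields; };

// Per-value filter: a whole card number (13-19 digits, optional space/dash separators).
bool looks_like_card(const std::string& v) {
    static const std::regex re("^[0-9]([ -]?[0-9]){12,18}$");
    return std::regex_match(v, re);
}

// Policy A: store every value the regexp does not flag.
std::vector<std::string> stored_by_regex_policy(const Form& f) {
    std::vector<std::string> kept;
    for (const Field& fld : f.fields)
        if (!looks_like_card(fld.value)) kept.push_back(fld.value);
    return kept;
}

// Policy B: store nothing from https forms, and honour the page's opt-out elsewhere.
std::vector<std::string> stored_by_form_policy(const Form& f) {
    std::vector<std::string> kept;
    if (f.scheme == "https") return kept;
    for (const Field& fld : f.fields)
        if (!fld.no_autocomplete) kept.push_back(fld.value);
    return kept;
}

// Constructed sample forms (4111 1111 1111 1111 is a well-known test number).
Form split_card_form() {   // four inputs of four digits each
    return Form{"https", {{"text", "4111", false}, {"text", "1111", false},
                          {"text", "1111", false}, {"text", "1111", false}}};
}
Form textarea_form() {     // card number and expiry typed into one textarea
    return Form{"https", {{"textarea", "4111 1111 1111 1111\nexp 08/03", false}}};
}
Form http_form() {         // plain http form with one opted-out field
    return Form{"http", {{"text", "kde", false}, {"text", "pet name", true}}};
}

int main() {
    std::cout << "regex policy keeps " << stored_by_regex_policy(split_card_form()).size()
              << " split-card values, form policy keeps "
              << stored_by_form_policy(split_card_form()).size() << "\n";
    return 0;
}
```

Both card layouts described in the message pass the per-value filter untouched, while the form-level rule stores nothing from either.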