On Tuesday 11 November 2003 05:42 am, George Staikos wrote: > On Monday 10 November 2003 16:55, Paul Campbell wrote: > > config kwallet to do what the Apple ones did where I could > > have the system automatically use my login password to open > > the wallet?) > > > Horrible idea... Where do we store your password in order > to do this? you don't, you use the login password when typed and apply it to unlock the wallet during the login process (I realise this is a problem in the unix/X/KDE world because login and the window manager are usually seperate worlds - KDM and KDE could however be persuaded to work together. (obviously there would have to be a dialog to handle the case where the user's password has changed and the wallet needs to be reencrypted) > It also defeats the "walk away from the > terminal and the wallet is still accessible" safeties. I > think it's very convenient, but a bad idea from a security > perspective. it depends on your machine and situation - obviously it should not be the default - on the other hand people should be able to make their own security decisions - I carry my laptop every where I go - I'm moment to moment responsible for it's physical security while it's booted and I'm quite willing to take the chance that someone will snatch it from me and then use it to file bugs on the company's bugzilla (the only keys in its wallet). As it is I have kwallet running and I find it rather annoying - I alternately log on at work and home, because my IP address changes bugzilla invalidates its cookies and makes me log in again each time, exactly once, and each time I have to type an extra password to open the wallet - so rather than saving me work it's adding it .... (just one data point obviously YMMV) On the other hand there are obviously some keys that are more important than others - bugzilla, I don't care much about, my bank account's login I probably do - opening some wallets and not others at login might make sense. Paul >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<