
List:       kmail-devel
Subject:    Re: Saving of passwords (Was: Security status)
From:       George Staikos <staikos () 0wned ! org>
Date:       2000-02-07 2:13:54

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 06 Feb 2000, Waldo Bastian wrote:

> For practical purposes I have my ~/.kde/share/config/ directory 
> world-readable. The permission of config files is determined by the 
> umask settings, which usually results in something like "-rwxr--r--".
> It would be good practice to store passwords in a separate file (e.g. 
> ~/.kde/share/apps/kmail/passwords) and to make sure that this file has 
> permissions set to 0600.

   Does the typical KDE user use KDE on a machine with more than one user
anyways?  It really seems like a desktop system anyways.  I know it's not
really an answer, but if the typical user is running KDE on a single user
desktop, and typical setup is mod 700 on the directory, I don't think we
really have to do much more than we are now.  I mean if the password being on
disk is really an issue, the user shouldn't be keeping it there in the first
place.  Not to mention that most of them will be using POP3 and sending their
password cleartext over the network anyways.  Also what if the homedir is on
NFS?  Then storing it in a separate file gets you nothing either.  We're just
adding more security through obscurity, really.  It's nice to have the
password in the same file as the settings, I think.  When migrating to
another machine (thinking about the kmobile project and app synchronization)
this would make it simpler.

- -- 

George Staikos 


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

-----END PGP SIGNATURE-----
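
The separate-file proposal quoted in the message above (a password file forced to 0600 whatever the umask), as an added example that is not part of the original message or of KMail's code. The function names and the file name are hypothetical, and the check only covers local file modes.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example (hypothetical names). Write secret to path as 0600; 0 on success. */
int save_secret(const char *path, const char *secret)
{
    /* O_NOFOLLOW: refuse to write through a symlink sitting at path. */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* open()'s mode applies only when the file is created; fchmod() also
       tightens a file that already existed with umask-derived bits (0644). */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        return -1;
    }
    size_t len = strlen(secret);
    ssize_t n = write(fd, secret, len);
    if (close(fd) != 0 || n != (ssize_t)len)
        return -1;
    return 0;
}

/* Return 1 if path is a regular file we own with no group/other permission bits. */
int secret_file_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid())
        return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

int main(void)
{
    const char *path = "passwords.example";  /* constructed file name */
    umask(022);                               /* umask that yields r--r--r-- for others */
    if (save_secret(path, "constructed-secret\n") != 0)
        return 1;
    printf("private: %d\n", secret_file_is_private(path));
    unlink(path);
    return 0;
}
```

A reader would call secret_file_is_private() before loading the file and refuse to use it when it returns 0.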
