List: kmail-devel
Subject: Re: Saving of passwords (Was: Security status)
From: Waldo Bastian <bastian () suse ! de>
Date: 2000-02-07 10:47:38
On Mon, 07 Feb 2000, George Staikos wrote:
> On Sun, 06 Feb 2000, Waldo Bastian wrote:
> > For practical purposes I have my ~/.kde/share/config/ directory
> > world-readable. The permission of config files is determined by the
> > umask settings, which usually results in something like
> > "-rwxr--r--". It would be good practice to store passwords in a
> > separate file (e.g. ~/.kde/share/apps/kmail/passwords) and to make
> > sure that this file has permissions set to 0600.
>
> Does the typical KDE user use KDE on a machine with more than one
> user anyways? It really seems like a desktop system anyways.
The typical KDE systems used at universities and schools are all
multi-user.
> I know it's not really an answer, but if the typical user is running
> KDE on a single user desktop, and typical setup is mod 700 on the
> directory, I don't think we really have to do much more than we are
> now. I mean if the password being on disk is really an issue, the
> user shouldn't be keeping it there in the first place.
We are the ones who put it there. We can't assume that every user is a
security expert.
> Not to mention that most of them will be using POP3 and sending their
> password cleartext over the network anyways.
That is no reason to create additional security weaknesses.
> Also what if the homedir is on NFS? Then storing
> it in a separate file gets you nothing either.
?? NFS handles file permissions perfectly fine.
> We're just adding
> more security through obscurity, really.
Scrambling the password to make it "non-plaintext" falls in the
category "security through obscurity". Ensuring correct
file permissions on sensitive data is a sane way to build a secure
system.
> It's nice to have the
> password in the same file as the settings, I think. When migrating
> to another machine (thinking about the kmobile project and app
> synchronization) this would make it simpler.
One file more or less should not be a concern. If it is, you have
bigger problems already.
Cheers,
Waldo