Alexander Larsson wrote: > On Sun, 2006-09-10 at 23:40 +0000, Nate Nielsen wrote: >> In particular I'd like to modify gnome-keyring-daemon so that there is a >> a 'mode' of accessing items without accessing the secrets themselves, >> and therefore not needing one of those nasty 'this application wants to >> access this password' prompts for every single password in the users >> gnome-keyring keyring. > > Interesting. However, isn't there a small security value in protecting > just the fact that you have a password stored for a particular target?
Yes possibly, but I'd assume it's of very minor value. Your typical system is littered with clues as to what URIs, network shares, email accounts, etc... have been accessed. > And anyway, you need to unlock the keyring at least, because all that > information is stored encrypted. Yes, so one password prompt rather than a waterfall of prompts. There are of course multiple ways to solve this problem: - Make the keyring manager processes 'privileged' with regard to accessing secrets without a prompt. (IMO nasty, scary) - Make the keyring manager process not access the actual secrets unless needed, thus not incurring the prompt. Personally I prefer the latter from a security and a 'just makes sense' perspective. Until someone has a better idea... Cheers, Nate _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
