Re: Current network-password-saving feature needs improvement.

[Hema Seetharamaiah <hema seetharamaiah wipro com>]

Hi,

Jon Svendsen wrote:
> 
> On Fri, 2002-07-19 at 18:02, desktop-devel-list-request gnome org wrote:
> >       Please stop this guff. Root can do anything; they can snapshot all the
> > core memory, swap - if they're lucky fire up a debugger, and invoke the
> > "trivial_demangle_password" method, on whatever piece of memory it's
> > stored in.
> 
> These things all require time, devotion and skill to do. Retrieving the
> gconf-stored password of _every_ user on the system is trivially
> scriptable, an attacker would only need a very small window of time to
> aqquire passwords for a potentially very large number of mail and proxy
> accounts.
> 
> I agree in principle to the notion that you if you don't trust root,
> stay away from the system. root is the lizard king, he can do anything.
> But one should remember that in a few unfortunate cases, root might
> happen to be a 14-year old with some neat scripts and too much spare
> time. Getting hold of sensitive information should not be trivial.

Yes, I agree that getting hold of sensitive information should not be
trivial. IMO, the feature to prompt once-per-session for http password
is also useful to have so that the user gets a choice to not save to
disk.

Overall, there seems to be a consensus that some encryption for the
saved network password is necessary. 

I would also like some inputs on what folks think about the
once-per-session-prompting for password. 

With this feature, a user need not setup password in the network proxy
capplet. 

Later, when she connects the first time to the proxy, via nautilus,
gweather or stockticker, she is prompted for the password and this used
for the rest of the session and used across the applications. It is then
discarded at the end of the session.

Regards,
Hema.