Current network-password-saving feature needs improvement.


Currently, the user needs to setup the network/http username and
password via the network preferences capplet. Only if this is done, the
user can use gweather, stockticker and nautilus (browser part).

This password is saved into the user's gconf in *plain text*. It's an
issue of privacy (and security) where somebody ( root for one ) can
easily get access the user's network password.

Shouldnt it be stored in an encrypted form, so that at least, it is not
so easily readable?

And more importantly, shouldnt there be an additional option where the
user gets a choice to *not* save the password and later on, when he
connects to the http proxy the first time, he is prompted for the
password? This password could then be retained for the rest of the

Am bringing up the issue first to get your inputs. Would like to follow
this up with a proposal.

 Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' 
and 'confidential' and intended for use only by the individual or entity to which it is 
addressed. You are notified that any use, copying or dissemination of the information 
contained in the E-MAIL in any manner whatsoever is strictly prohibited.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]