Current network-password-saving feature needs improvement.

From: Hema Seetharamaiah <hema seetharamaiah wipro com>
To: desktop-devel-list gnome org
Cc: gnome-devel <gnome-devel-list gnome org>
Subject: Current network-password-saving feature needs improvement.
Date: Thu, 18 Jul 2002 20:47:49 +0530

Hello,

Currently, the user needs to setup the network/http username and
password via the network preferences capplet. Only if this is done, the
user can use gweather, stockticker and nautilus (browser part).

This password is saved into the user's gconf in *plain text*. It's an
issue of privacy (and security) where somebody ( root for one ) can
easily get access the user's network password.

Shouldnt it be stored in an encrypted form, so that at least, it is not
so easily readable?

And more importantly, shouldnt there be an additional option where the
user gets a choice to *not* save the password and later on, when he
connects to the http proxy the first time, he is prompted for the
password? This password could then be retained for the rest of the
session? 

Am bringing up the issue first to get your inputs. Would like to follow
this up with a proposal.

Regards,
Hema.

**************************Disclaimer**************************************************    
 
 Information contained in this E-MAIL being proprietary to Wipro Limited is 'privileged' 
and 'confidential' and intended for use only by the individual or entity to which it is 
addressed. You are notified that any use, copying or dissemination of the information 
contained in the E-MAIL in any manner whatsoever is strictly prohibited.

****************************************************************************************

Follow-Ups:
- Re: Current network-password-saving feature needs improvement.
  - From: Sean Middleditch

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]