Re: Current network-password-saving feature needs improvement.

From: David Wheeler <dwheeler ida org>
To: gnome-devel-list gnome org, dwheeler ida org
Subject: Re: Current network-password-saving feature needs improvement.
Date: Fri, 19 Jul 2002 10:11:52 -0400

Rashmi Agrawal said:

> A seperate password is better than login password since one of the
> problems which comes up is intermediate
> password changing when the session is going on. Hence a seperate
> password say master password is needed.

That's not a problem if you use PAM.  PAM can intercept all
password changes and re-encrypt the master password file.

Network transparency _IS_ a real issue, though.
Especially if you want to arrange things so that different
applications can only access "their" keys (so that a trojan
horse or buffer overflow in a user application
won't get _all_ the passwords; think of a web site with nasty
pages that causes the browser to run malicious code).
Perhaps there should be multiple ways of making the request -
a "local file" solution for non-GNOME applications, and a
CORBA (Orbit) interface that would support network transparency.

By the way, I've thought of a name for this thing...
the "Password Piggybank" (or just "piggybank" for short).
It's a little server that keeps your passwords safe.



--- David A. Wheeler
    dwheeler ida org

Follow-Ups:
- Re: Current network-password-saving feature needs improvement.
  - From: Aidan Skinner
- Re: Current network-password-saving feature needs improvement.
  - From: Rashmi Agrawal

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]