FF posted on Wed, 13 Nov 2013 14:47:18 +0100 as excerpted: > A question about the wallet system that keeps me worried all morning: > > Once an application has gained access to a wallet... it has access to > all passwords there, right? > > It this is correct, it appears to me that it would be too risky to > allow different app providers access the passwords used by others... Why > not let the app access just the "folder" it resquested to create?
Per-wallet access is why it's possible to create multiple wallets, allowing you to partition information by wallet and only allow an app access to the one with the information for that app. AFAIK there's a more secure solution (or more convenient way to manage multiple wallets/rings at the same security) based on freedesktop.org's keyring management standard in kde frameworks five, but it's an API change and thus wasn't appropriate for kde4, where the multiple wallets solution is the standard way this is managed. So for now (kde4), setup additional wallets and keep each app's data separate in its own wallet, if you're worried about it, but a more convenient (and cross-desktop) solution should be available in frameworks 5. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman ___________________________________________________ This message is from the kde mailing list. Account management: https://mail.kde.org/mailman/listinfo/kde. Archives: http://lists.kde.org/. More info: http://www.kde.org/faq.html.
