[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gcmd-dev] Getting rid of bug 653573 - Passwords stored in plain tex
|
From: |
Michael |
|
Subject: |
Re: [gcmd-dev] Getting rid of bug 653573 - Passwords stored in plain text in ./gnome-commander/connections |
|
Date: |
Mon, 2 Mar 2015 02:24:19 +0100 |
Uwe,
Hmmm....i think there are secure local ways, but it's probably not worth the
effort to maintain them. Anything 'secure' has to be kept up-to-date and be
watched for exploits. It's more effective to leave this routine to the keyring
crews.
There's one argument for local storage, though: Keyring is in focus of
potential hackers, while a single file manager (and not too popular, i guess)
is not.
But then, if a user of a desktop application really fears a virus or hacker,
then she should begin with effective firewalling (preferably at the gateway)
and intrusion detection...and if you're *that* paranoid, then shouldn't you
store your passwords only on a sheet of paper, in the first place, and keep it
under your pillow...
Instead of improving the security of some module of gcmd, anybody concerned
should rather support improving keyring applications.
ps. Ah, i forgot to say, i seem to remember there are more keyring apps out
(like kwallet) and i hope they meanwhile talk a common protocol, so that a
specific gnome binding is not necessary ? i.e., make the keyring application
configurable....and even if one freakish users favorite no-works then at least
gcmd is prepared for the day when it will do ...