On 11/25/2009 10:51 AM, Daenyth Blank wrote:
On Wed, Nov 25, 2009 at 10:05, David Rosenstrauch <darose@xxxxxxxxxx> wrote:
On 11/25/2009 04:43 AM, David C. Rankin wrote:
FYI - I've set the kwallet password to nothing, and it's seemed to work out
nicely, as it no longer prompts me for the wallet password at inopportune
times.
In theory this is less secure. But since no one can be logged into my box
as me without my account password anyway, in reality there's no way anyone
can access my kwallet passwords without having my account password first.
Maybe give this a shot?
HTH,
DR
If you're running any services that face an open network, you are in
theory vulnerable to an exploit in the service. Also, there have been
exploits in web browsers like firefox that would give user-level
access. This could potentially give the attacker access to your wallet
without your user password, depending on the exploit(s) used. In this
case, *all* your passwords will be comprimised. Using a password
manager without a password itself is bad for your security.
Good point.
I started using kwallet without a password so that I wouldn't get
prompted every time I used command line SVN. (Long story short: I
configured SVN to integrate with kwallet, instead of having it cache my
password on disk.) But since I mostly use SVN from Eclipse anyway
(which has its own password cache) this really isn't such a big hassle
after all.
Thanks,
DR