KDE Developer
|
Cookies are often security relevant.
So it would be a useful optional feature to save them in KWallet. For example "saved logins" are realized using cookies. |
Registered Member
|
It would have to be cookie-specific, but this could be extremely useful. I have to keep myself logged out of gmail, for instance, because anybody who gets access to the computer can just open a web browser and get access to all my emails. With this I could use the "remember me" option to avoid having to enter my user name every time.
Man is the lowest-cost, 150-pound, nonlinear, all-purpose computer system which can be mass-produced by unskilled labor.
-NASA in 1965 |
Registered Member
|
Logins are stored by session IDs (mostly) in cookies, so storing them in the wallet is possible by using a cookie name as the field and the SID as the password. Like by creating pointers from cookie files to the KWallet DB, or manually setting cookies to be ported if they match some roles.
But the problem is that SIDs change frequently. Is this OK for KWallet? |
Administrator
|
The easiest way to do this would be to modify KCookieJar to use KWallet if it is available, and request access when needed. It should only be used for non session cookies.
KDE Sysadmin
|
KDE Developer
|
Session-Cookies are for temporary login. But often there is an option for a permanent login. Those cookies (they aren't removed after quitting Konqueror) should be stored in KWallet.
|
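The split proposed in the posts above (session cookies stay in memory, permanent-login cookies go to the wallet), as an added example that is not part of the thread and is not KCookieJar or KWallet code. `CookieRouter`, `parseSetCookie` and the two maps are hypothetical stand-ins, and the refusal to write while the wallet is locked is an assumption.

```cpp
// Constructed example: plain maps stand in for KWallet and the in-memory jar.
#include <algorithm>
#include <cctype>
#include <cstdlib>
#include <map>
#include <sstream>
#include <string>

struct Cookie { std::string name, value; bool persistent = false, expired = false; };
static std::string trim(const std::string& s) {
    const auto b = s.find_first_not_of(" \t");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t") - b + 1);
}

// Max-Age wins over Expires; Max-Age <= 0 means delete; Expires dates are not evaluated.
Cookie parseSetCookie(const std::string& header) {
    Cookie c;
    bool first = true, hasExpires = false, hasMaxAge = false;
    long maxAge = 0;
    std::istringstream in(header);
    for (std::string part; std::getline(in, part, ';'); first = false) {
        const auto eq = part.find('=');
        std::string key = trim(part.substr(0, eq));
        const std::string val = eq == std::string::npos ? "" : trim(part.substr(eq + 1));
        if (first) { c.name = key; c.value = val; continue; }  // first pair is name=value
        std::transform(key.begin(), key.end(), key.begin(),
                       [](unsigned char ch) { return static_cast<char>(std::tolower(ch)); });
        if (key == "expires" && !val.empty()) hasExpires = true;
        if (key == "max-age" && !val.empty()) { hasMaxAge = true; maxAge = std::strtol(val.c_str(), nullptr, 10); }
    }
    c.expired = hasMaxAge && maxAge <= 0;
    c.persistent = hasMaxAge ? maxAge > 0 : hasExpires;
    return c;
}

struct CookieRouter {
    std::map<std::string, std::string> wallet;      // stand-in for the encrypted wallet
    std::map<std::string, std::string> sessionJar;  // memory only, gone when the browser exits
    bool walletOpen = false;                        // assumption: a locked wallet refuses writes
    // Returns where the cookie went: "session", "wallet", "locked" or "expired".
    std::string store(const std::string& host, const std::string& header) {
        const Cookie c = parseSetCookie(header);
        const std::string key = host + "/" + c.name;
        if (c.expired) { sessionJar.erase(key); if (walletOpen) wallet.erase(key); return "expired"; }
        if (!c.persistent) { sessionJar[key] = c.value; return "session"; }
        if (!walletOpen) return "locked";
        wallet[key] = c.value; return "wallet";
    }
};
```

A cookie with neither `Expires` nor `Max-Age` never reaches the wallet, so frequently changing session IDs do not cause wallet writes.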
Registered Member
|
And a filter to delete tracking cookies
Anyway, this should be done carefully and must not modify ANY headers the browser sends, and in some cases you can't use the same KWallet on more than 1 PC, because some systems use IP and headers to validate cookies. |
KDE Developer
|
IP-validation is used for session-cookies and session-cookies should not be stored.
But filtering is a good idea. There could be a cookie-configuration-dialog, where you could see all cookies set by the current host. These options could be available:
- Remove Cookie
- Remove all Cookies
- Set Cookie to ...
- Block Cookie
- Block all Cookies
- Don't store Cookie
- Store Cookie
- Disable the Cookie temporarily
- ... |
Registered Member
|
That's not true. By default cookies are not checked by IP. If there is a custom SID generation script, it's just up to the developer whether the cookie has the session cookie flag or not. Also I personally validate by IP not remember me cookies too. Anyway, that's not a reason to stop the idea in general, but it must be thought about. Unless someone would like to get banned on a local eBank |
KDE Developer
|
But it does not make sense to check IPs for non-session-cookies, because IPs are changing too often.
|
Registered Member
|
In some cases it does... |
KDE Developer
|
But what's the problem when it's saved in KWallet instead of a cookiefile?
|
Administrator
|
There is no problem with using KWallet, except that the user would have to open their wallet in order to gain access to websites they had previously logged into.
|
Registered Member
|
I think that's the whole idea
Last edited by TheBlackCat on Mon Jun 08, 2009 3:13 pm, edited 1 time in total.
|
KDE Developer
|