[Authentication] Don't store passwords in keyring item attributes
Stef Walter
stefw at gnome.org
Fri Aug 17 03:52:26 PDT 2012
Item attributes in gnome-keyring are used to lookup password items.
Think of them as the primary key for the item. They are not stored in a
secure manner on disk. Do not store anything secret or sensitive in item
attributes.
I found an instance of this being done today.
The above also applies to libsecret, the Secret Service DBus API, and
ksecretservice. In addition, this has always been the case with
gnome-keyring, and is not something new.
The libsecret documentation and Secret Service API documentation are
explicit about this. I've added warnings to the libgnome-keyring
documentation as well. These warnings probably should have been there
from the beginning :S
Cheers,
Stef
More information about the Authentication
mailing list