Tracking users/sessions on the console
Havoc Pennington
hp at redhat.com
Tue Jan 31 16:41:29 PST 2006
On Wed, 2006-02-01 at 00:02 +0000, Jamie McCracken wrote:
>
> Thats right but it gives us a means to detect if the app is in the
> user's session. The trick is to not expose the private key outside
> the
> session bus and therefore such calls to the system bus would need to
> go
> via the session bus, which appends the private key behind the scenes
> (IE
> its never visible in the public API). That way at least you can stop
> someone posting the private key on their blog!
The private key would be easily obtainable (from our CVS server, from
kernel memory, from the local filesystem), and people could replace the
session bus with one which just ignored the private key or used a
private key of their choice.
Havoc
More information about the dbus
mailing list