sending authentication data over the bus

Bastien Nocera hadess at hadess.net
Sun Aug 1 10:56:11 PDT 2010


On Thu, 2010-07-29 at 15:44 -0300, Thiago Macieira wrote:
> On Thursday 29. July 2010 12.36.13 Rodrigo Moya wrote:
> > Hi
> > 
> > I am working on an authentication service which, right now, is fired by
> > apps requiring the authentication. This service retrieves the tokens for
> > the user (OAuth tokens) and stores them in the GNOME keyring, and then
> > signals the application making the call so that it can retrieve the
> > tokens from the keyring.
> > 
> > We were wondering if sending the tokens over the bus, to avoid having
> > apps having to read the keyring, would be secure. So, is it? Can
> > external apps (running as a different user on the same system) listen to
> > the plain text communication over the bus?
> 
> Different users cannot connect to the session bus.

But rogue applications within the session, and the root user switching
users, can both listen in on the D-Bus session bus.


