On 11/25/2009 10:51 AM, Daenyth Blank wrote:
On Wed, Nov 25, 2009 at 10:05, David Rosenstrauch <darose@darose.net> wrote:
On 11/25/2009 04:43 AM, David C. Rankin wrote: FYI - I've set the kwallet password to nothing, and it's seemed to work out nicely, as it no longer prompts me for the wallet password at inopportune times.
In theory this is less secure. But since no one can be logged into my box as me without my account password anyway, in reality there's no way anyone can access my kwallet passwords without having my account password first. Maybe give this a shot?
HTH,
DR
If you're running any services that face an open network, you are in theory vulnerable to an exploit in the service. Also, there have been exploits in web browsers like firefox that would give user-level access. This could potentially give the attacker access to your wallet without your user password, depending on the exploit(s) used. In this case, *all* your passwords will be comprimised. Using a password manager without a password itself is bad for your security.
Good point. I started using kwallet without a password so that I wouldn't get prompted every time I used command line SVN. (Long story short: I configured SVN to integrate with kwallet, instead of having it cache my password on disk.) But since I mostly use SVN from Eclipse anyway (which has its own password cache) this really isn't such a big hassle after all. Thanks, DR