[arch-general] kmail spellcheck reporting no errors when there plainly are errors - can someone confirm?
David Rosenstrauch
darose at darose.net
Mon Nov 30 11:50:34 EST 2009
On 11/25/2009 10:51 AM, Daenyth Blank wrote:
> On Wed, Nov 25, 2009 at 10:05, David Rosenstrauch <darose at darose.net> wrote:
>> On 11/25/2009 04:43 AM, David C. Rankin wrote:
>> FYI - I've set the kwallet password to nothing, and it's seemed to work out
>> nicely, as it no longer prompts me for the wallet password at inopportune
>> times.
>>
>> In theory this is less secure. But since no one can be logged into my box
>> as me without my account password anyway, in reality there's no way anyone
>> can access my kwallet passwords without having my account password first.
>> Maybe give this a shot?
>>
>> HTH,
>>
>> DR
>>
>
>
> If you're running any services that face an open network, you are in
> theory vulnerable to an exploit in the service. Also, there have been
> exploits in web browsers like firefox that would give user-level
> access. This could potentially give the attacker access to your wallet
> without your user password, depending on the exploit(s) used. In this
> case, *all* your passwords will be comprimised. Using a password
> manager without a password itself is bad for your security.
Good point.
I started using kwallet without a password so that I wouldn't get
prompted every time I used command line SVN. (Long story short: I
configured SVN to integrate with kwallet, instead of having it cache my
password on disk.) But since I mostly use SVN from Eclipse anyway
(which has its own password cache) this really isn't such a big hassle
after all.
Thanks,
DR
More information about the arch-general
mailing list