https://bugs.kde.org/show_bug.cgi?id=504193

--- Comment #24 from Arek Guzinski <ker...@ag.de1.cc> ---
> I think the only thing we can do here is try to pass a more specific app name 
> when possible, at least from KWalletManager. Other than that, it seems to be 
> working as intended. 

That would be a start.. but the more I think about it, the more questions of
security pop up.
1. What is keeping me from making some malware that identifies itself as "KDE
System" to get access to all passwords?
2. What if an app should have access to certain passwords, but misuses that
privilege to access other passwords?

I think kwallet/ksecretservice should ..
1. not give access to the whole wallet, but only to specific entries (while
giving the user a way to redirect it to another wallet).
2. identify apps by full paths (and always show these in dialogs) and warn the
user if these are user-writeable.

It might also be a good idea to save the date of the grant/denial.

> I'd rather it be a system tray notification. No need to bother the user with 
> random dialog popups. Also, specify which wallet was denied.

Yep, I second that - having to click a button every time that happens might be
quite annoying.
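
The full-path check suggested in point 2 of the comment, as an added example that is not part of the comment and not KWallet or ksecretservice code. It assumes Linux (`/proc/<pid>/exe`), uses hypothetical function names, and looks only at ownership and the world-write bit, not at group membership or ACLs.

```cpp
#include <cstdio>
#include <filesystem>
#include <string>
#include <vector>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

namespace fs = std::filesystem;

// Full path of the binary behind a PID, or an empty path if unresolved.
fs::path exe_of_pid(pid_t pid) {
    std::error_code ec;
    fs::path p = fs::read_symlink("/proc/" + std::to_string(pid) + "/exe", ec);
    return ec ? fs::path{} : p;
}

// True if `uid` can modify the object described by `st`.
bool writable_by(const struct stat& st, uid_t uid) {
    if (st.st_uid == uid) return true;            // owner can always chmod
    if (!(st.st_mode & S_IWOTH)) return false;    // not world-writable
    // A sticky world-writable directory (e.g. /tmp) does not let a user
    // replace entries that belong to someone else.
    return !(S_ISDIR(st.st_mode) && (st.st_mode & S_ISVTX));
}

// Walk from the executable up to the root and collect every component the
// user could modify; a writable ancestor directory allows swapping the file.
// Assumes `exe` is already canonical, as /proc/<pid>/exe returns it.
std::vector<fs::path> user_writable_components(const fs::path& exe, uid_t uid) {
    std::vector<fs::path> hits;
    for (fs::path p = exe;; p = p.parent_path()) {
        struct stat st{};
        if (::stat(p.c_str(), &st) == 0 && writable_by(st, uid))
            hits.push_back(p);
        if (p == p.root_path() || !p.has_relative_path()) break;
    }
    return hits;
}

int main() {
    // Demo on this process; a wallet daemon would use the requesting PID.
    fs::path exe = exe_of_pid(getpid());
    std::printf("requesting binary: %s\n", exe.c_str());
    for (const auto& p : user_writable_components(exe, getuid()))
        std::printf("warning: %s is user-writable\n", p.c_str());
    return 0;
}
```

An empty result means no component of the path is modifiable by that user under these simplified rules; a non-empty one is what a grant dialog would show as a warning next to the full path.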
