We have moved to a new Sailfish OS Forum. Please start new discussions there.

Revision history [back]

click to hide/show revision 1
initial version

posted 2014-05-02 11:01:06 +0200

hardcodes.de gravatar image

[feature-request] Give us a keyring

Currently there is a bug with wrong file permissions in the credentials database: https://together.jolla.com/question/39495/security-risk-with-sqlite-db-in-jolla-passwords-in-plain-text-in-user-space/

Fixing the file permissions would solve the problem for privileged apps only (=from Jolla itself), a good start :-) Encrypting the file content and giving every app programmer the key would be security by obscurity. On top of that every app that uses credentials has to solve the problem again and again and from app perspective it can not be solved.

So please, give us a keyring (or keystore, cryptostore, wallet, what ever you name it) and a nice API for every app to use.

[feature-request] Give us a keyring

Currently there is a bug with wrong file permissions in the credentials database: https://together.jolla.com/question/39495/security-risk-with-sqlite-db-in-jolla-passwords-in-plain-text-in-user-space/

Fixing the file permissions would solve the problem for privileged apps only (=from Jolla itself), a good start :-) :-)

Encrypting the file content and giving every app programmer the key would be security by obscurity. On top of that every app that uses credentials has to solve the problem again and again and from app perspective it can not be solved.

So please, give us a keyring (or keystore, cryptostore, wallet, what ever you name it) and a nice API for every app to use.

[feature-request] Give us a keyring

Currently there is a bug with wrong file permissions in the credentials database: https://together.jolla.com/question/39495/security-risk-with-sqlite-db-in-jolla-passwords-in-plain-text-in-user-space/

Fixing the file permissions would solve the problem for privileged apps only (=from Jolla itself), a good start :-)

Encrypting the file content and giving every app programmer the key would be security by obscurity. On top of that every app that uses credentials has to solve the problem again and again and from app perspective it can not really be solved.

So please, give us a keyring (or keystore, cryptostore, wallet, what ever you name it) and a nice API for every app to use.

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49