Re: MT-NW and Keychain

From: Bob Harris <nospam.News.Bob@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 30 Jun 2006 02:12:44 GMT

In article <smfr-103367.09462429062006@xxxxxxxxxxxxxxxxx>,
Simon Fraser <smfr@xxxxxxxx> wrote:

I'd like to add support to MT-NW for saving passwords in Keychain. There
are two ways I could do this, so I'd like feedback on whether my
preferred way would cause any problems for people.

The first option is to store passwords in Keychain in addition to the
current method of storing them (not very securely) in the prefs file.
This has the downside of more complex UI, insecure storage, and having
the passwords stored in two places.

The second option is to eliminate PW storage from the MT-NW prefs, and
only store them in the Keychain. This is more secure, allows simpler UI,
and is what most other apps (Mail etc) do now. This would be my
preferred option. Passwords would be stored per-username, per server.

Comments? Are there situations in which having passwords only in
Keychain are a problem?

Simon

Keychain - it has been working rather well for other apps, why not
MT-NW.

Bob Harris
.

References:
- MT-NW and Keychain
  - From: Simon Fraser

Prev by Date: Re: ... a truly beautiful Mac app
Next by Date: Re: MT-NW and Keychain
Previous by thread: Re: MT-NW and Keychain
Next by thread: Re: MT-NW and Keychain
Index(es):
- Date
- Thread

Relevant Pages

Re: Couldnt get keychain to work
... >> I had created a new keychain and still, ... I did so and now my passwords are saving just fine. ... >> I love keychain access because I'm the only one who uses my computer ... There are really no instructions for the keychain. ...
(comp.sys.mac.apps)
Re: Couldnt get keychain to work
... add this to my keychain." ... I did so and now my passwords are saving just fine. ... > and it doesn't bother me to have the username and password supplied ... Until some kind soul directs me to a site where the use of ...
(comp.sys.mac.apps)
Re: Apple Safari on MacOSX may reveal users saved passwords
... which appears to be the whole basis of this 'vulnerability'. ... The point is that normally a malicious applications running as a nonroot are not able to read keychained passwords. ... In this case to steal passwords is sufficent to entice the victim to execute a malicious script, that normally it's not enough since keychain refuses access to untrusted applications. ... As far as root access goes, see my comments above regarding key loggers? ...
(Bugtraq)
Re: Apple Safari on MacOSX may reveal users saved passwords
... which appears to be the whole basis of this 'vulnerability'. ... In this case to steal passwords is sufficent to entice the victim to execute a malicious script, that normally it's not enough since keychain refuses access to untrusted applications. ... As far as root access goes, see my comments above regarding key loggers? ...
(Bugtraq)
Re: Apple Safari on MacOSX may reveal users saved passwords
... which appears to be the whole basis of this 'vulnerability'. ... In this case to steal passwords is sufficent to entice the victim to execute a malicious script, that normally it's not enough since keychain refuses access to untrusted applications. ... As far as root access goes, see my comments above regarding key loggers? ...
(Bugtraq)