Bug 171580 - Konqueror remembers password when told not to with fish kioslave
Summary: Konqueror remembers password when told not to with fish kioslave
Status: REPORTED
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Ubuntu Linux
Priority: NOR
Severity: wishlist
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
Reported: 2008-09-24 12:30 UTC by Prateek
Modified: 2011-11-27 15:46 UTC

See Also:
Latest Commit:
Version Fixed In:


Description Prateek 2008-09-24 12:30:11 UTC
Version:           Konqueror 3.5.9 (using KDE 3.5.9)
OS:                Linux
Installed from:    Ubuntu Packages

Konqueror remembers user passwords even when "remember password" is not selected, while connecting over fish.

Steps to reproduce:

* Use Konqueror to connect to a remote machine using fish, say fish://example.net, logging in as "someuser". Enter the password, and do not select "remember password". Ensure that other methods of authentication like ssh keys are not possible.
* From the terminal, ssh someuser@example.net, as you would normally.
* On example.net, check the list of processes with ps x. There should be a "sshd: someuser@notty" process, kill that.
* Check ps x again, to see that the process has been killed.
* Go back to Konqueror and do something like navigating to a different folder.
* On example.net, do ps x again to see that an ssh connection has been re-established.

The fact that the second ssh session was established seems to indicate that Konqueror or the fish kio slave remembered the password and used it again, without the user's permission. Konqueror should not remember passwords unless told to do so, and there should be a way to tell Konqueror "I'm done now, forget the password and any other personal data related to this fish session".

Konqueror or the fish kio slave remembering the password (even if it's for the "session") when "remember password" has not been selected is downright misleading, and looks like cheating. The user can feel very insecure, with no obvious way of making it "forget" the password ("oh no, looks like it has stored my password... **panic**... go to configure konqueror, try to delete private data... it STILL remembers my password... **more panic** ... I can't trust Konqueror/KDE/Linux/computers any more!"). This is critical on a public, shared computer.

If "remember password" is not selected, the password should be used once for connecting and then forgotten, exactly the way the usual ssh client works. A "remember for session" option could be added, along with a clear definition of "session" and a way to allow the user to explicitly make Konqueror forget the password. It should be made clear to the user that this password will remain only in RAM, and not on the hard disk (and it should be implemented this way). This will ensure that the password won't be recoverable later in case of a power failure or something. The user might be at a public computer for a limited period of time (exactly the situation in which I encountered this bug), and it may not be possible for him/her to come back to the computer after the power has been restored.

Users can be very sensitive about their passwords on remote machines, and KDE should respect this. Not only should Konqueror do the right thing, it should *take the user in confidence*, and the user should know exactly how Konqueror is dealing with the password. The user must be able to revoke the trust at any time.
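The following is an added example, not code from the bug report or from Konqueror/kio, modelling the password handling the report asks for: with "remember password" unchecked the password is used once and wiped, so a reconnect after the sshd child is killed must prompt again; a hypothetical "remember for session" option keeps it in RAM only and offers an explicit forget. The remote login check and the password value are constructed stand-ins.

```python
from enum import Enum
from typing import Callable, Optional
def remote_login(password: bytes) -> bool:
    """Constructed stand-in for the remote ssh password check."""
    return password == b"s3cret"

def wipe(buf: bytearray) -> None:  # overwrite in place (best effort in CPython)
    buf[:] = bytes(len(buf))

class Remember(Enum):
    ONCE = 1     # "remember password" left unchecked: use once, then forget
    SESSION = 2  # hypothetical "remember for session": RAM only, never disk

class SessionAuth:
    def __init__(self, prompt: Callable[[], str], policy: Remember):
        self._prompt = prompt        # asks the user for the password
        self._policy = policy
        self._cached: Optional[bytearray] = None
        self.prompts = 0             # how often the user was asked

    def _obtain(self) -> bytearray:
        if self._cached is not None:
            return self._cached
        self.prompts += 1
        pw = bytearray(self._prompt().encode())
        if self._policy is Remember.SESSION:
            self._cached = pw
        return pw

    def connect(self) -> bool:
        """Runs on first login and again once the sshd child is gone."""
        pw = self._obtain()
        ok = remote_login(bytes(pw))
        if self._policy is Remember.ONCE:
            wipe(pw)                 # use once: nothing left to reuse silently
        return ok

    def forget(self) -> None:
        """The explicit 'I'm done now, forget the password' action."""
        if self._cached is not None:
            wipe(self._cached)
            self._cached = None

def reconnect_scenario(policy: Remember, forget_between: bool = False) -> int:
    """Log in, lose the connection (sshd killed), reconnect; return prompt count."""
    auth = SessionAuth(prompt=lambda: "s3cret", policy=policy)
    auth.connect()
    if forget_between:
        auth.forget()
    auth.connect()                   # reconnect after the sshd child died
    return auth.prompts
```

Under the ONCE policy the reconnect costs a second prompt, which is the behaviour the report expects when "remember password" is left unchecked.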