Konqueror remembers password when told not to with fish kioslave
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
KDE Base |
New
|
Wishlist
|
|||
kdebase (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: konqueror
I'm using Konqueror 3.5.9, KDE 3.5.9 on Kubuntu 8.04.
Steps to reproduce:
* Use Konqueror to connect to a remote machine using fish, say fish://example.net, logging in as "someuser". Enter the password, and do not select "remember password". Ensure that other methods of authentication like ssh keys are not possible.
* From the terminal, ssh <email address hidden>, as you would normally.
* On example.net, check the list of processes with ps x. There should be a "sshd: someuser@notty" process, kill that.
* Check ps x again, so see that the process has been killed.
* Go back to Konqueror and do something like navigating to a different folder.
* On example.net, do ps x again to see that an ssh connection has been re-established.
The fact that the second ssh session was established seems to indicate that Konqueror remembered the password and used it again, without the user's permission. Konqueror should not remember passwords unless told to do so, and there should be a way to tell Konqueror "I'm done now, forget the password and any other personal data related to this fish session".
Changed in kdebase: | |
status: | Unknown → New |
Changed in kdebase: | |
importance: | Unknown → Medium |
Changed in kde-baseapps: | |
importance: | Medium → Wishlist |
Well, don't kill the remote process.
Konqueror (or rather the underlying fish kio slave) will remember the password for the session time - which is the actual usage + a time buffer of 30 seconds to some minutes (differs from kio slave to kio slave).