View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0010175 | Taler | wallet (WebExtension) | public | 2025-07-10 14:06 | 2025-07-10 14:06 |
| Reporter | Christian Grothoff | Assigned To | sebasjm | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | assigned | Resolution | open | ||
| Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
| Product Version | git (master) | ||||
| Target Version | 1.1 | ||||
| Summary | 0010175: add (password-based) access protection to WebExtension wallet | ||||
| Description | Basically, an option under 'settings' that would require the user to enter a password/pin code to unlock the wallet before they can make payments / spend money (p2p and merchants). I think it's OK to receive money without access protection ;-). Setting a password/pin should be completely optional, and we should put a big fat warning in front of the user that they need to keep their password/pin 'safe' when they set it. Given that users could still easily *forget* that password and we don't have a good way to reset it, I suggest we do **not** use it to encrypt the database (at least for the initial implementation) and really just store a (salted) hash of the passphrase in the database and then use it as a quick check before we grant access to the payment functionality. In the future, we could add DB encryption once we combine this with Anastasis. | ||||
| Tags | GLS | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-07-10 14:06 | Christian Grothoff | New Issue | |
| 2025-07-10 14:06 | Christian Grothoff | Status | new => assigned |
| 2025-07-10 14:06 | Christian Grothoff | Assigned To | => sebasjm |
| 2025-07-10 14:06 | Christian Grothoff | Tag Attached: GLS |
