View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0010175 | Taler | wallet (WebExtension) | public | 2025-07-10 14:06 | 2026-03-21 01:18 |
| Reporter | Christian Grothoff | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | confirmed | Resolution | open | ||
| Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
| Product Version | git (master) | ||||
| Target Version | post-1.0 | ||||
| Summary | 0010175: add (password-based) access protection to WebExtension wallet [discussion] | ||||
| Description | Basically, an option under 'settings' that would require the user to enter a password/pin code to unlock the wallet before they can make payments / spend money (p2p and merchants). I think it's OK to receive money without access protection ;-). Setting a password/pin should be completely optional, and we should put a big fat warning in front of the user that they need to keep their password/pin 'safe' when they set it. Given that users could still easily *forget* that password and we don't have a good way to reset it, I suggest we do **not** use it to encrypt the database (at least for the initial implementation) and really just store a (salted) hash of the passphrase in the database and then use it as a quick check before we grant access to the payment functionality. In the future, we could add DB encryption once we combine this with Anastasis. | ||||
| Tags | No tags attached. | ||||
|
|
Key idea: do NOT use access protection to deposit back into customer's bank account, so they do not loose their funds if they forget their password. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-07-10 14:06 | Christian Grothoff | New Issue | |
| 2025-07-10 14:06 | Christian Grothoff | Status | new => assigned |
| 2025-07-10 14:06 | Christian Grothoff | Assigned To | => sebasjm |
| 2025-07-10 14:06 | Christian Grothoff | Tag Attached: GLS | |
| 2025-07-30 00:10 | Christian Grothoff | Note Added: 0025578 | |
| 2025-07-30 00:10 | Christian Grothoff | Target Version | 1.1 => post-1.0 |
| 2025-07-30 00:10 | Christian Grothoff | Assigned To | sebasjm => |
| 2025-07-30 00:10 | Christian Grothoff | Status | assigned => confirmed |
| 2025-10-13 11:28 | Florian Dold | Summary | add (password-based) access protection to WebExtension wallet => add (password-based) access protection to WebExtension wallet [discussion] |
| 2025-11-06 14:20 | Damian Pilka | Target Version | post-1.0 => gls-desired |
| 2025-11-06 14:20 | Damian Pilka | View Status | public => private |
| 2025-12-19 15:57 | Christian Grothoff | Target Version | gls-desired => post-1.0 |
| 2026-03-21 01:18 | Christian Grothoff | Tag Detached: GLS | |
| 2026-03-21 01:18 | Christian Grothoff | View Status | private => public |
