Bug 2059 - [Workbench] CVS password saving between session (1GDX7JK)
Status: RESOLVED FIXED
Alias: None
Product: Platform
Classification: Eclipse Project
Component: UI
Version: 2.0
Hardware: All All
Importance: P4 enhancement
Target Milestone: 3.0 M9
Assignee: platform-cvs-inbox CLA
Keywords: investigate
Duplicates: 5336
 
Reported: 2001-10-10 22:25 EDT by Philipe Mulet CLA
Modified: 2004-04-14 15:40 EDT
Description Philipe Mulet CLA 2001-10-10 22:25:34 EDT
It does not feel right that we do not re-ask the password for an existing CVS 
connection in between sessions. In case I gave my workspace to someone else,
he would become granted with all access rights suddenly, just because I left 
some connections open.

This should maybe be configurable at least, so I can flush the information.

NOTES:

KM (5/18/01 12:12:39 PM)
	This support is provided by the password keyring mechanism in Core.

	It was decided that as a lowbar the UI would not support clearing it (you go and delete it).
	Clearing on startup would need to be provided by Core.
	This is either a Core or UI PR, depending on which solution one believes is right.

JM (5/20/2001 11:25:17 PM)
	The core support is explicitly support for authentication information across sessions.
	Clearing on startup basically defeats the purpose of the mechanism.
	This information is, by default, kept with the workspace.  For whatever reason it was
	decided that we would not expose a notion of login or user etc so the previously entered
	passwords are automatically available.  The only options to address this real issue are:
		1) make users real
		2) don't use the provided mechanism.
	#1 is unlikely to happen.  #2 while potentially feasible, is likely low on the priority list.

	Don't know where to go from here.

KM (21/05/01 6:33:32 PM)
	This feels like a future PR for UI to support "Clear password cache" menu operation.
	This is keeping with what we agreed in planning.
	We at least should ensure that people know where to find the keyring file to delete
	(Core should provide info to DOC/Kerri for June release).
	
JM (6/2/2001 1:11:54 AM)
	Moving to VCM.  There were questions last week about the flush API so I assume that VCM
	is adding some UI for clearing the password info.  The documentation on how to use that
	should go with the rest of the VCM doc.

KM (6/2/01 4:19:19 PM)
	We are not adding at this time.
	General password management should be supported by UI but decision was to hold off for June.
	Moving to UI for future.
Comment 1 DJ Houghton CLA 2001-10-29 17:48:42 EST
PRODUCT VERSION:
SDK 0.108

Comment 2 Kevin Haaland CLA 2002-02-07 20:42:52 EST
Defer until higher priority items are complete
Comment 3 Randy Giffen CLA 2002-08-07 11:01:12 EDT
Reopen for investigation
Comment 4 Kevin Haaland CLA 2003-02-07 13:46:29 EST
There are no plans for the UI team to work on this defect report until higher 
priority items are addressed.  
Comment 5 Jean-Michel Lemieux CLA 2004-04-14 15:38:30 EDT
Because of the important security concerns with passwords, I've gone ahead and
implemented the following for the CVS plug-in:
1. passwords are no longer cached silently. The user must select the "save
password" box which is followed by a warning that the saved password is only
obscured and not encrypted.
2. the user can see the list of saved passwords, and clear the cache.
This seems to address the original concerns raised by this PR...over 3 years ago :)
Comment 6 Jean-Michel Lemieux CLA 2004-04-14 15:38:46 EDT
Fix released to HEAD.
Comment 7 Jean-Michel Lemieux CLA 2004-04-14 15:40:13 EDT
*** Bug 5336 has been marked as a duplicate of this bug. ***