It does not feel right that we do not re-ask the password for an existing CVS connection in between sessions. In case I gave my workspace to someone else, he would become granted with all access rights suddenly, just because I left some connections open. This should maybe be configurable at least, so I can flush the information.

NOTES:

KM (5/18/01 12:12:39 PM) This support is provided by the password keyring mechanism in Core. It was decided that as a lowbar the UI would not support clearing it (you go and delete it). Clearing on startup would need to be provided by Core. This is either a Core or UI PR, depending on which solution one believes is right.

JM (5/20/2001 11:25:17 PM) The core support is explicitly support for authentication information across sessions. Clearing on startup basically defeats the purpose of the mechanism. This information is, by default, kept with the workspace. For whatever reason it was decided that we would not expose a notion of login or user etc so the previously entered passwords are automatically available. The only options to address this real issue are:
1) make users real
2) don't use the provided mechanism.
#1 is unlikely to happen. #2 while potentially feasible, is likely low on the priority list. Don't know where to go from here.

KM (21/05/01 6:33:32 PM) This feels like a future PR for UI to support "Clear password cache" menu operation. This is keeping with what we agreed in planning. We at least should ensure that people know where to find the keyring file to delete (Core should provide info to DOC/Kerri for June release).

JM (6/2/2001 1:11:54 AM) Moving to VCM. There were questions last week about the flush API so I assume that VCM is adding some UI for clearing the password info. The documentation on how to use that should go with the rest of the VCM doc.

KM (6/2/01 4:19:19 PM) We are not adding at this time. General password management should be supported by UI but decision was to hold off for June.
Moving to UI for future.
PRODUCT VERSION: SDK 0.108
Defer until higher priority items are complete
Reopen for investigation
There are no plans for the UI team to work on this defect report until higher priority items are addressed.
Because of the important security concerns with passwords, I've gone ahead and implemented the following for the CVS plug-in:
1. Passwords are no longer cached silently. The user must select the "save password" box which is followed by a warning that the saved password is only obscured and not encrypted.
2. The user can see the list of saved passwords, and clear the cache.
This seems to address the original concerns raised by this PR... over 3 years ago :)
Fix released to HEAD.
*** Bug 5336 has been marked as a duplicate of this bug. ***