[news.eclipse.technology.ecf] Re: password storage and ui

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Newsgroup Home]

[news.eclipse.technology.ecf] Re: password storage and ui

From: Scott Lewis <slewis@xxxxxxxxxxxxx>
Date: Sat, 13 Dec 2008 18:19:07 -0800
Newsgroups: eclipse.technology.ecf
Organization: EclipseCorner
User-agent: Thunderbird 2.0.0.18 (Windows/20081105)

Hi Hallvard,

Hallvard Trætteberg wrote:

Hi,
I'm preparing a pre-configured Eclipse with a project on a memory stick. The idea is setting everything up, so the (other) users of the memory stick can continue where I left. This way, nothing needs to be set up by them.

ECF is one of the things my users should utilize, including chat and shared editor, so I'm testing it using my own XMPP user. I notice that Eclipse remembers my XMPP user and password across sessions, and since both Eclipse and the workspace is on the memory stick, I fear that they (user name and password) will stick (pun intended), too.

So the question is, where is the password stored and how can I clear it. I found a reference to the user name in the workspace' metadata (.metadata\.plugins\org.eclipse.ecf.provider.xmpp.ui\dialog_settings.xml) but couldn't find the password. I suppose it should be stored in a secure manner, but couldn't find out how or where.

I should say that currently the password information is *not* stored across Eclipse sessions. The password is not persistently stored on disk (which is why, if you exit Eclipse and restart, then login to one of the stored accounts, you will be re-prompted to enter the password).

So I don't think it will be necessary for you to explicitly remove anything, as the password is not stored on disk.

Incidently, if you want to also remove the user accounts, these are stored in

.metadata\.plugins\org.eclipse.ecf.provider.xmpp.ui\dialog_settings.xml

We are/will be looking to move over to using the new Equinox Secure Preferences Factory in org.eclipse.equinox.security.storage.SecurePreferencesFactory. This will allow the passwords to be stored persistently (across Eclipse sessions), and with real security/encryption. I've created an enhancement request to that effect here:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=258743

Also, with the secure preferences mechanism, it's possible to remove things from the secure storage (and it is done on a user-specific basis).

Some background about existing mechanisms:

To store passwords *within* a session, are currently using the Platform.getAuthorizationInfo(URL serverUrl, String realm, String authScheme) method. This is implemented in the following ECF helper class:

org.eclipse.ecf.ui.util.PasswordCacheHelper...and ECF uses the following params for the get/setAuthorizationInfo calls:

URL=http://org.eclipse.ecf.ui
realm=<connect id>
  (where connect id for xmpp would be "slewis@xxxxxxxxxxxxxxx")
authScheme="" <empty string>

Hallvard

Follow-Ups:
- [news.eclipse.technology.ecf] Re: password storage and ui
  - From: Hallvard Trætteberg

References:
- [news.eclipse.technology.ecf] password storage and ui
  - From: Hallvard Trætteberg

Prev by Date: [news.eclipse.technology.ecf] Problems with file transfer over XMPP
Next by Date: [news.eclipse.technology.ecf] Re: password storage and ui
Previous by thread: [news.eclipse.technology.ecf] password storage and ui
Next by thread: [news.eclipse.technology.ecf] Re: password storage and ui
Index(es):
- Date
- Thread