Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Communications Framework (ECF) » password storage and ui
password storage and ui [message #624449] Thu, 11 December 2008 10:31 Go to next message
Hallvard Traetteberg is currently offline Hallvard TraettebergFriend
Messages: 601
Registered: July 2009
Location: Trondheim, Norway
Senior Member
Hi,

I'm preparing a pre-configured Eclipse with a project on a memory stick. The
idea is setting everything up, so the (other) users of the memory stick can
continue where I left. This way, nothing needs to be set up by them.

ECF is one of the things my users should utilize, including chat and shared
editor, so I'm testing it using my own XMPP user. I notice that Eclipse
remembers my XMPP user and password across sessions, and since both Eclipse and
the workspace is on the memory stick, I fear that they (user name and password)
will stick (pun intended), too.

So the question is, where is the password stored and how can I clear it. I found
a reference to the user name in the workspace' metadata
(.metadata\.plugins\org.eclipse.ecf.provider.xmpp.ui\dialog_ settings.xml) but
couldn't find the password. I suppose it should be stored in a secure manner,
but couldn't find out how or where.

Hallvard
Re: password storage and ui [message #624451 is a reply to message #624449] Sun, 14 December 2008 02:19 Go to previous messageGo to next message
Scott Lewis is currently offline Scott LewisFriend
Messages: 974
Registered: July 2009
Senior Member
Hi Hallvard,

Hallvard Trætteberg wrote:
> Hi,
>
> I'm preparing a pre-configured Eclipse with a project on a memory stick.
> The idea is setting everything up, so the (other) users of the memory
> stick can continue where I left. This way, nothing needs to be set up by
> them.
>
> ECF is one of the things my users should utilize, including chat and
> shared editor, so I'm testing it using my own XMPP user. I notice that
> Eclipse remembers my XMPP user and password across sessions, and since
> both Eclipse and the workspace is on the memory stick, I fear that they
> (user name and password) will stick (pun intended), too.
>
> So the question is, where is the password stored and how can I clear it.
> I found a reference to the user name in the workspace' metadata
> (.metadata\.plugins\org.eclipse.ecf.provider.xmpp.ui\dialog_ settings.xml)
> but couldn't find the password. I suppose it should be stored in a
> secure manner, but couldn't find out how or where.


I should say that currently the password information is *not* stored
across Eclipse sessions. The password is not persistently stored on
disk (which is why, if you exit Eclipse and restart, then login to one
of the stored accounts, you will be re-prompted to enter the password).

So I don't think it will be necessary for you to explicitly remove
anything, as the password is not stored on disk.

Incidently, if you want to also remove the user accounts, these are
stored in

..metadata\.plugins\org.eclipse.ecf.provider.xmpp.ui\dialog_ settings.xml


We are/will be looking to move over to using the new Equinox Secure
Preferences Factory in
org.eclipse.equinox.security.storage.SecurePreferencesFactor y. This
will allow the passwords to be stored persistently (across Eclipse
sessions), and with real security/encryption. I've created an
enhancement request to that effect here:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=258743

Also, with the secure preferences mechanism, it's possible to remove
things from the secure storage (and it is done on a user-specific basis).

Some background about existing mechanisms:

To store passwords *within* a session, are currently using the
Platform.getAuthorizationInfo(URL serverUrl, String realm, String
authScheme) method. This is implemented in the following ECF helper class:

org.eclipse.ecf.ui.util.PasswordCacheHelper...and ECF uses the following
params for the get/setAuthorizationInfo calls:

URL=http://org.eclipse.ecf.ui
realm=<connect id>
(where connect id for xmpp would be "slewis@ecf.eclipse.org")
authScheme="" <empty string>










>
> Hallvard
Re: password storage and ui [message #624452 is a reply to message #624449] Sun, 14 December 2008 07:59 Go to previous messageGo to next message
Eclipse UserFriend
Originally posted by: remy.suen.gmail.com

Hallvard Trætteberg wrote:
> So the question is, where is the password stored and how can I clear it.

I believe this is in the
eclipse/configuration/org.eclipse.core.runtime/.keyring file. Best way
to check is to just move it elsewhere, restart Eclipse, and see what
happens. :)

Remy
Re: password storage and ui [message #624629 is a reply to message #624451] Mon, 15 December 2008 15:11 Go to previous messageGo to next message
Hallvard Traetteberg is currently offline Hallvard TraettebergFriend
Messages: 601
Registered: July 2009
Location: Trondheim, Norway
Senior Member
Scott Lewis wrote:
> Hi Hallvard,
>
> I should say that currently the password information is *not* stored
> across Eclipse sessions. The password is not persistently stored on
> disk (which is why, if you exit Eclipse and restart, then login to one
> of the stored accounts, you will be re-prompted to enter the password).

Well, I am re-prompted to enter the password, but the password I used in the
previous session is filled in, so I just have to accept. This also happens if I
exit and restart Eclipse.

As suggested in the other reply, I tried removing
eclipse/configuration/org.eclipse.core.runtime/.keyring, and that worked as I
wanted!

Hallvard
Re: password storage and ui [message #624631 is a reply to message #624629] Mon, 15 December 2008 19:28 Go to previous message
Scott Lewis is currently offline Scott LewisFriend
Messages: 974
Registered: July 2009
Senior Member
Hi Hallvard,

Hallvard Trætteberg wrote:
> Scott Lewis wrote:
>> Hi Hallvard,
>>
>> I should say that currently the password information is *not* stored
>> across Eclipse sessions. The password is not persistently stored on
>> disk (which is why, if you exit Eclipse and restart, then login to one
>> of the stored accounts, you will be re-prompted to enter the password).
>
> Well, I am re-prompted to enter the password, but the password I used in
> the previous session is filled in, so I just have to accept. This also
> happens if I exit and restart Eclipse.
>
> As suggested in the other reply, I tried removing
> eclipse/configuration/org.eclipse.core.runtime/.keyring, and that worked
> as I wanted!

OK, good. My apologies about the incorrect information WRT persistence.

But note that for ECF 3.0 we will likely be moving to storing account
information in the Equinox ISecurePreferences storage...perhaps by using
the org.eclipse.ecf.storage plugin.

Once this is in place, it will be necessary to remove stored passwords
from the Equinox secure preferences. There is a UI (in Eclipse
preferences) for doing this in 3.4, but I'm not sure what it will look
like in 3.5, as I expect some work in Equinox security to be taking
place in the Galileo release cycle...and that's not work that this group
is doing.
Previous Topic:remote extension - is it supported by r-OSGi?
Next Topic:Problems with file transfer over XMPP
Goto Forum:
  


Current Time: Fri Nov 28 07:30:55 GMT 2014

Powered by FUDForum. Page generated in 0.02409 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software