Home » Archived » Eclipse Communications Framework (ECF) » password storage and ui
password storage and ui [message #624449] |
Thu, 11 December 2008 10:31 |
Hallvard Traetteberg Messages: 673 Registered: July 2009 Location: Trondheim, Norway |
Senior Member |
|
|
Hi,
I'm preparing a pre-configured Eclipse with a project on a memory stick. The
idea is setting everything up, so the (other) users of the memory stick can
continue where I left. This way, nothing needs to be set up by them.
ECF is one of the things my users should utilize, including chat and shared
editor, so I'm testing it using my own XMPP user. I notice that Eclipse
remembers my XMPP user and password across sessions, and since both Eclipse and
the workspace is on the memory stick, I fear that they (user name and password)
will stick (pun intended), too.
So the question is, where is the password stored and how can I clear it. I found
a reference to the user name in the workspace' metadata
(.metadata\.plugins\org.eclipse.ecf.provider.xmpp.ui\dialog_ settings.xml) but
couldn't find the password. I suppose it should be stored in a secure manner,
but couldn't find out how or where.
Hallvard
|
|
|
Re: password storage and ui [message #624451 is a reply to message #624449] |
Sun, 14 December 2008 02:19 |
Scott Lewis Messages: 1038 Registered: July 2009 |
Senior Member |
|
|
Hi Hallvard,
Hallvard Trætteberg wrote:
> Hi,
>
> I'm preparing a pre-configured Eclipse with a project on a memory stick.
> The idea is setting everything up, so the (other) users of the memory
> stick can continue where I left. This way, nothing needs to be set up by
> them.
>
> ECF is one of the things my users should utilize, including chat and
> shared editor, so I'm testing it using my own XMPP user. I notice that
> Eclipse remembers my XMPP user and password across sessions, and since
> both Eclipse and the workspace is on the memory stick, I fear that they
> (user name and password) will stick (pun intended), too.
>
> So the question is, where is the password stored and how can I clear it.
> I found a reference to the user name in the workspace' metadata
> (.metadata\.plugins\org.eclipse.ecf.provider.xmpp.ui\dialog_ settings.xml)
> but couldn't find the password. I suppose it should be stored in a
> secure manner, but couldn't find out how or where.
I should say that currently the password information is *not* stored
across Eclipse sessions. The password is not persistently stored on
disk (which is why, if you exit Eclipse and restart, then login to one
of the stored accounts, you will be re-prompted to enter the password).
So I don't think it will be necessary for you to explicitly remove
anything, as the password is not stored on disk.
Incidently, if you want to also remove the user accounts, these are
stored in
..metadata\.plugins\org.eclipse.ecf.provider.xmpp.ui\dialog_ settings.xml
We are/will be looking to move over to using the new Equinox Secure
Preferences Factory in
org.eclipse.equinox.security.storage.SecurePreferencesFactor y. This
will allow the passwords to be stored persistently (across Eclipse
sessions), and with real security/encryption. I've created an
enhancement request to that effect here:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=258743
Also, with the secure preferences mechanism, it's possible to remove
things from the secure storage (and it is done on a user-specific basis).
Some background about existing mechanisms:
To store passwords *within* a session, are currently using the
Platform.getAuthorizationInfo(URL serverUrl, String realm, String
authScheme) method. This is implemented in the following ECF helper class:
org.eclipse.ecf.ui.util.PasswordCacheHelper...and ECF uses the following
params for the get/setAuthorizationInfo calls:
URL=http://org.eclipse.ecf.ui
realm=<connect id>
(where connect id for xmpp would be "slewis@ecf.eclipse.org")
authScheme="" <empty string>
>
> Hallvard
|
|
|
Re: password storage and ui [message #624452 is a reply to message #624449] |
Sun, 14 December 2008 07:59 |
Eclipse User |
|
|
|
Originally posted by: remy.suen.gmail.com
Hallvard Trætteberg wrote:
> So the question is, where is the password stored and how can I clear it.
I believe this is in the
eclipse/configuration/org.eclipse.core.runtime/.keyring file. Best way
to check is to just move it elsewhere, restart Eclipse, and see what
happens. :)
Remy
|
|
|
Re: password storage and ui [message #624629 is a reply to message #624451] |
Mon, 15 December 2008 15:11 |
Hallvard Traetteberg Messages: 673 Registered: July 2009 Location: Trondheim, Norway |
Senior Member |
|
|
Scott Lewis wrote:
> Hi Hallvard,
>
> I should say that currently the password information is *not* stored
> across Eclipse sessions. The password is not persistently stored on
> disk (which is why, if you exit Eclipse and restart, then login to one
> of the stored accounts, you will be re-prompted to enter the password).
Well, I am re-prompted to enter the password, but the password I used in the
previous session is filled in, so I just have to accept. This also happens if I
exit and restart Eclipse.
As suggested in the other reply, I tried removing
eclipse/configuration/org.eclipse.core.runtime/.keyring, and that worked as I
wanted!
Hallvard
|
|
|
Re: password storage and ui [message #624631 is a reply to message #624629] |
Mon, 15 December 2008 19:28 |
Scott Lewis Messages: 1038 Registered: July 2009 |
Senior Member |
|
|
Hi Hallvard,
Hallvard Trætteberg wrote:
> Scott Lewis wrote:
>> Hi Hallvard,
>>
>> I should say that currently the password information is *not* stored
>> across Eclipse sessions. The password is not persistently stored on
>> disk (which is why, if you exit Eclipse and restart, then login to one
>> of the stored accounts, you will be re-prompted to enter the password).
>
> Well, I am re-prompted to enter the password, but the password I used in
> the previous session is filled in, so I just have to accept. This also
> happens if I exit and restart Eclipse.
>
> As suggested in the other reply, I tried removing
> eclipse/configuration/org.eclipse.core.runtime/.keyring, and that worked
> as I wanted!
OK, good. My apologies about the incorrect information WRT persistence.
But note that for ECF 3.0 we will likely be moving to storing account
information in the Equinox ISecurePreferences storage...perhaps by using
the org.eclipse.ecf.storage plugin.
Once this is in place, it will be necessary to remove stored passwords
from the Equinox secure preferences. There is a UI (in Eclipse
preferences) for doing this in 3.4, but I'm not sure what it will look
like in 3.5, as I expect some work in Equinox security to be taking
place in the Galileo release cycle...and that's not work that this group
is doing.
|
|
|
|
|
Goto Forum:
Current Time: Tue Apr 23 06:32:18 GMT 2024
Powered by FUDForum. Page generated in 0.03956 seconds
|