[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [ide-dev] Having to log in to the IDE?
|
Stephan,
Yes, you can open a bug pretty much against any project that stores
anything in the secure storage because the fundamental implementation
problem is that it works well on Windows, and Mac, but sucks on Linux.
So a simple solution (conceptually if not actually) is to fix the Linux
implementation to use some type of native key ring support (no doubt
there with 15 different variants of that, perhaps with at least two per
GTK variant).
The problem at the design level are questions such as how can I know
whether secure storage is accessible yet, how can I know whether it will
be prompted if I do try access it, how can I know whether it contains a
password for something that needs a password (i.e., some server access)
without providing a master password to find out if there's something
useful already in the store?
It's clear that on Linux, Firefox can store passwords and does not need
you to enter a master password to use those stored passwords, so it's
certainly a problem that's solvable... No doubt, given enough design
effort, the use of stored passwords could be deferred as long as
possible, and some additional storage could be used to remember whether
the actual storage contains secure values that are useful to try to
fetch. But in the end, it's hard (for me) to motivate large
investments in Linux-only problems.
There are some pretty large organizations out there, that use Linux
significantly, that could invest in solving such a problem, but perhaps
they too have investment motivation problems...
Regards,
Ed
On 14.03.2017 20:03, Stephan Herrmann wrote:
Thanks Andrey, I've debugged some of these situations in the past.
The reason I'm raising the issue on this list is: I feel the
concept is broken by design. Filing bugs against all clients
of secure storage is a game nobody can win, in particular as long
as there is no agreement about good citizenship in this regard.
Am I missing anything?
Stephan
On 14.03.2017 19:55, Andrey Loskutov wrote:
Stephan,
This can be git client trying to read your repo informaton and may be
configuring access to remote, but to be sure, please run jstack next
time and fill a bug for the component you will find guilty :).
Am 14. März 2017 19:17:58 MEZ schrieb Stephan Herrmann
<stephan.herrmann@xxxxxxxxx>:
Why do I have to log in, before I can use my (desktop) IDE?
Here's what I see:
- I live on Linux where Eclipse's secure storage is not backed by any
domain login,
but requires manually entering the password.
- I install Eclipse for simrel via Oomph.
- First thing Eclipse asks me before even doing anything is to enter my
password
for secure storage.
I don't like this for several reasons:
- I tend to use a good password for secure storage, so having to type
in the
password is a real disruption. I have to concentrate on s.t. that is
not my main
focus of work.
- That dialog doesn't give the faintest hint as to *why* my password is
required,
maybe fraud?
- Even considering the specific purpose of the setup for Simrel
contribution,
I cannot think of any reason why my password should be required.
I would be *a lot happier* with the Eclipse IDE if some or all of the
following would change:
- No password dialog without specifying a reason
- No password dialog from background jobs, ever.
- No component requesting access to secure storage in an Oomph setup
where this isn't needed.
Is it just me? How do others feel about this?
Stephan
_______________________________________________
ide-dev mailing list
ide-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://dev.eclipse.org/mailman/listinfo/ide-dev
--
Kind regards,
Andrey Loskutov
http://google.com/+AndreyLoskutov
_______________________________________________
ide-dev mailing list
ide-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ide-dev