Re: [cpan-questions #32443] Re: rt.cpan.org keeps logging me out.

2016-11-22 Thread Arthur Corliss 

On Tue, 22 Nov 2016, Shlomi Fish wrote:


The problem is that in order to improve the security of my passwords, I
keep them all encrypted using a master password. Firefox has a built-in
feature for that and, if you don't set a master passwords then the
passwords are stored using a relatively easy-to-reverse process which every
process on the local system can use (or at least those running as the local
user). There's some old discussion of it here:

http://catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/ar01s09.html

Since my firefox password is non-trivial, entering it to fill in the
rt.cpan.org password whenever I restart firefox, restart my
https://en.wikipedia.org/wiki/X_Window_System or restart the machine (for a
new kernel, glibc, etc.) is quite a hassle. What will make my life more
tolerable would be a browser add-on that will allow me to keep the
rt.cpan.org password (and only that) unencrypted (as I already have it in
"~/.pause" anyway).


Perhaps this is just me, but there seems to be some cognitive dissonance
here.  You've clearly put some thought into the security of your passwords,
yet you're putting less thought into securing a session token?  Or you want
a plugin to bypass the normal browser key store?

Maybe I'm overthinking this.  But, then, I don't trust browsers to begin
with.  I don't want them maintaining any kind of state for me over any
significant length of time.

--Arthur Corliss
  Live Free or Die

Re: [cpan-questions #32443] Re: rt.cpan.org keeps logging me out.

2016-11-22 Thread Alex Muntada 
Shlomi Fish:

> What will make my life more tolerable would be a browser add-on
> that will allow me to keep the rt.cpan.org password (and only
> that) unencrypted (as I already have it in "~/.pause" anyway).

Have you tried to pin the firefox tab once you've logged into
rt.cpan.org? It did work for me: just right click on the tab
and then on Pin:

https://support.mozilla.org/en-US/kb/pinned-tabs-keep-favorite-websites-open

Actually, if I leave the rt.cpan.org window open and quit firefox
(I have it configured to open all my previous tabs) the session
cookie still works when I start firefox again. However, if I close
the tab before restarting, it asks the login password again. So
session cookies seem to persist after restarting if you tell
firefox to remember the current tabs.

Other possible options you have are using one of the several
cookie addons available for firefox to modify the session cookie
and make it persistent, or something like lastpass addon to
remember the passwords that you don't want to store in firefox.

Hope this helps,
Alex