Re: [cpan-questions #32443] Re: rt.cpan.org keeps logging me out.
On Tue, 22 Nov 2016, Shlomi Fish wrote: The problem is that in order to improve the security of my passwords, I keep them all encrypted using a master password. Firefox has a built-in feature for that and, if you don't set a master passwords then the passwords are stored using a relatively easy-to-reverse process which every process on the local system can use (or at least those running as the local user). There's some old discussion of it here: http://catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/ar01s09.html Since my firefox password is non-trivial, entering it to fill in the rt.cpan.org password whenever I restart firefox, restart my https://en.wikipedia.org/wiki/X_Window_System or restart the machine (for a new kernel, glibc, etc.) is quite a hassle. What will make my life more tolerable would be a browser add-on that will allow me to keep the rt.cpan.org password (and only that) unencrypted (as I already have it in "~/.pause" anyway). Perhaps this is just me, but there seems to be some cognitive dissonance here. You've clearly put some thought into the security of your passwords, yet you're putting less thought into securing a session token? Or you want a plugin to bypass the normal browser key store? Maybe I'm overthinking this. But, then, I don't trust browsers to begin with. I don't want them maintaining any kind of state for me over any significant length of time. --Arthur Corliss Live Free or Die
Re: [cpan-questions #32443] Re: rt.cpan.org keeps logging me out.
Shlomi Fish: > What will make my life more tolerable would be a browser add-on > that will allow me to keep the rt.cpan.org password (and only > that) unencrypted (as I already have it in "~/.pause" anyway). Have you tried to pin the firefox tab once you've logged into rt.cpan.org? It did work for me: just right click on the tab and then on Pin: https://support.mozilla.org/en-US/kb/pinned-tabs-keep-favorite-websites-open Actually, if I leave the rt.cpan.org window open and quit firefox (I have it configured to open all my previous tabs) the session cookie still works when I start firefox again. However, if I close the tab before restarting, it asks the login password again. So session cookies seem to persist after restarting if you tell firefox to remember the current tabs. Other possible options you have are using one of the several cookie addons available for firefox to modify the session cookie and make it persistent, or something like lastpass addon to remember the passwords that you don't want to store in firefox. Hope this helps, Alex
Re: [cpan-questions #32443] Re: rt.cpan.org keeps logging me out.
Hi Karen, On Mon, Nov 21, 2016 at 7:59 PM, Karen Etheridgewrote: > What is the big deal in having to log in again? If you save your > credentials in your browser, it's literally just one more click. > > The problem is that in order to improve the security of my passwords, I keep them all encrypted using a master password. Firefox has a built-in feature for that and, if you don't set a master passwords then the passwords are stored using a relatively easy-to-reverse process which every process on the local system can use (or at least those running as the local user). There's some old discussion of it here: http://catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/ar01s09.html Since my firefox password is non-trivial, entering it to fill in the rt.cpan.org password whenever I restart firefox, restart my https://en.wikipedia.org/wiki/X_Window_System or restart the machine (for a new kernel, glibc, etc.) is quite a hassle. What will make my life more tolerable would be a browser add-on that will allow me to keep the rt.cpan.org password (and only that) unencrypted (as I already have it in "~/.pause" anyway). > I'd like to thank the RT admins in providing this service free to the Perl > community; it is really awesome that a bug queue is created automatically > for every distribution without the authors having to do a single thing to > set it up. > I'd like to thank them too, but having to login time and again is still a fly in the ointment. Regards, -- Shlomi Fish > > On Mon, Nov 21, 2016 at 7:45 AM, Shlomi Fish wrote: > >> Hello Shawn, >> >> sorry for the late response. I'm CCing module-authors becase you did not >> explicitly specify that you wish this reply to be kept private. >> >> On Fri, Nov 18, 2016 at 5:56 PM, Shawn M Moore via RT < >> cpan-questi...@bestpractical.com> wrote: >> >>> On Fri Nov 18 06:01:48 2016, shlo...@gmail.com wrote: >>> > Dear rt-cpan-admin >>> >>> Hi Shlomi, >>> >>> > On Sat, Feb 27, 2016 at 1:00 PM, Shlomi Fish wrote: >>> > >>> > > Dear sirs and madams, >>> > > >>> > > thanks for maintaining http://rt.cpan.org/ . >>> > > >>> > > There is, however, a long-standing problem with it that the site keeps >>> > > logging me out (usually after I close my browser), and I keep having to >>> > > login again. This makes it frustrating to use rt.cpan.org. Please fix it >>> > > as soon as possible. >>> >>> RT uses session cookies (also called transient cookies) which, as you >>> describe, usually clear when you close your browser. It's a tradeoff we >>> make for security. >>> >>> I see. That sounds like a very bad trade off in this day and age, >> because people often need to reboot for new kernel / new libc / system >> update / etc. or they need to restart their browsers because they either >> crashed or started consuming too much RAM (and as you may know - browsers >> like Firefox or GChromium have recently become memory hogs). >> >> I suppose I can convert to use GitHub Issues / GitLab Issues / Bitbucket >> Issues / etc. - at least for my own CPAN distributions - but this will >> involve a lot of manual tweaking and uploading new versions. Perhaps it >> will be the last straw for creating my own Dist Zilla PluginBundle. >> >> Regards, >> >> -- Shlomi Fish >> >> >> >>> > > Regards, >>> > > >>> > > -- Shlomi Fish >>> >>> Best, >>> Shawn >>> >>> >> >> >> -- >> Shlomi Fish http://www.shlomifish.org/ >> >> You can never truly appreciate The Gilmore Girls until you've watched it >> in the original Klingon. >> >> Please reply to list if it's a mailing list post - http://shlom.in/reply >> . >> > > -- Shlomi Fish http://www.shlomifish.org/ You can never truly appreciate The Gilmore Girls until you've watched it in the original Klingon. Please reply to list if it's a mailing list post - http://shlom.in/reply .
Re: [cpan-questions #32443] Re: rt.cpan.org keeps logging me out.
What is the big deal in having to log in again? If you save your credentials in your browser, it's literally just one more click. I'd like to thank the RT admins in providing this service free to the Perl community; it is really awesome that a bug queue is created automatically for every distribution without the authors having to do a single thing to set it up. On Mon, Nov 21, 2016 at 7:45 AM, Shlomi Fishwrote: > Hello Shawn, > > sorry for the late response. I'm CCing module-authors becase you did not > explicitly specify that you wish this reply to be kept private. > > On Fri, Nov 18, 2016 at 5:56 PM, Shawn M Moore via RT < > cpan-questi...@bestpractical.com> wrote: > >> On Fri Nov 18 06:01:48 2016, shlo...@gmail.com wrote: >> > Dear rt-cpan-admin >> >> Hi Shlomi, >> >> > On Sat, Feb 27, 2016 at 1:00 PM, Shlomi Fish wrote: >> > >> > > Dear sirs and madams, >> > > >> > > thanks for maintaining http://rt.cpan.org/ . >> > > >> > > There is, however, a long-standing problem with it that the site keeps >> > > logging me out (usually after I close my browser), and I keep having to >> > > login again. This makes it frustrating to use rt.cpan.org. Please fix it >> > > as soon as possible. >> >> RT uses session cookies (also called transient cookies) which, as you >> describe, usually clear when you close your browser. It's a tradeoff we make >> for security. >> >> I see. That sounds like a very bad trade off in this day and age, because > people often need to reboot for new kernel / new libc / system update / > etc. or they need to restart their browsers because they either crashed or > started consuming too much RAM (and as you may know - browsers like Firefox > or GChromium have recently become memory hogs). > > I suppose I can convert to use GitHub Issues / GitLab Issues / Bitbucket > Issues / etc. - at least for my own CPAN distributions - but this will > involve a lot of manual tweaking and uploading new versions. Perhaps it > will be the last straw for creating my own Dist Zilla PluginBundle. > > Regards, > > -- Shlomi Fish > > > >> > > Regards, >> > > >> > > -- Shlomi Fish >> >> Best, >> Shawn >> >> > > > -- > Shlomi Fish http://www.shlomifish.org/ > > You can never truly appreciate The Gilmore Girls until you've watched it > in the original Klingon. > > Please reply to list if it's a mailing list post - http://shlom.in/reply . >
Re: [cpan-questions #32443] Re: rt.cpan.org keeps logging me out.
Hello Shawn, sorry for the late response. I'm CCing module-authors becase you did not explicitly specify that you wish this reply to be kept private. On Fri, Nov 18, 2016 at 5:56 PM, Shawn M Moore via RT < cpan-questi...@bestpractical.com> wrote: > On Fri Nov 18 06:01:48 2016, shlo...@gmail.com wrote: > > Dear rt-cpan-admin > > Hi Shlomi, > > > On Sat, Feb 27, 2016 at 1:00 PM, Shlomi Fishwrote: > > > > > Dear sirs and madams, > > > > > > thanks for maintaining http://rt.cpan.org/ . > > > > > > There is, however, a long-standing problem with it that the site keeps > > > logging me out (usually after I close my browser), and I keep having to > > > login again. This makes it frustrating to use rt.cpan.org. Please fix it > > > as soon as possible. > > RT uses session cookies (also called transient cookies) which, as you > describe, usually clear when you close your browser. It's a tradeoff we make > for security. > > I see. That sounds like a very bad trade off in this day and age, because people often need to reboot for new kernel / new libc / system update / etc. or they need to restart their browsers because they either crashed or started consuming too much RAM (and as you may know - browsers like Firefox or GChromium have recently become memory hogs). I suppose I can convert to use GitHub Issues / GitLab Issues / Bitbucket Issues / etc. - at least for my own CPAN distributions - but this will involve a lot of manual tweaking and uploading new versions. Perhaps it will be the last straw for creating my own Dist Zilla PluginBundle. Regards, -- Shlomi Fish > > > > Regards, > > > > > > -- Shlomi Fish > > Best, > Shawn > > -- Shlomi Fish http://www.shlomifish.org/ You can never truly appreciate The Gilmore Girls until you've watched it in the original Klingon. Please reply to list if it's a mailing list post - http://shlom.in/reply .