Robert Vojta wrote: > On 10/31/06, Mathias Bauer <[EMAIL PROTECTED]> wrote: > >> We have a password container that can collect passwords at runtime and >> keeps them. Currently we don't store passwords persistently (only in >> memory), though the implementation would be there. It uses a >> configuration backend and the passwords can be "sealed" with a master >> password. > > Sounds like good news to me ... Can you tell me in which module is > this implementation? Is this implementation enabled by default and not > used or it's just there and nobody is using it? Are those passwords > (sealed with a master password) encrypted?
Yes, the master password is used to encrypt the other passwords. It is not enabled but currently it can't be enabled just by setting a configuration switch. To force the password container to store passwords one line of code must be changed in uui/source/iahndl.cxx. In this case we should perhaps make it configurable wether passwords are stored or not in the future. Until now we didn't want to use storing passwords in OOo so we didn't add the code to make it configurable. I don't remember why (would be fine to have a spec so that we could find out the reason for this decision ;-)). >> The whole implementation is encapsulated into a UNO service and if >> somebody wanted we could show him the ropes and discuss possible ways to >> integrate with other "backends". > > Hmm, I think that the Mozilla approach is better. Lot of backends on > all available platforms - never ending job. If persistently stored > passwords can be encrypted, configuration backend fits all needs for > this feature. In what way is the Mozilla approach different to our current one? We collect passwords, remember them and (optionally) save them into a configuration file. The only difference IIRC is that we don't save passwords without a master password. I just mentioned the "backend" because I thought that you wanted to use something external to OOo. I don't know what the keyring manager is but I think that the passwordcontainer code could possibly be changed to use it instead of storing them into its own configuration files. But if that is OK for you forget that I mentioned possible integrations with other backends. BTW: the password container is used for http or ftp access, not for document passwords. It would be possible to extend it for this case though. Ciao, Mathias -- Mathias Bauer - OpenOffice.org Application Framework Project Lead Please reply to the list only, [EMAIL PROTECTED] is a spam sink. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
