On quinta-feira, 25 de julho de 2013 10:34:09, Tony Rietwyk wrote: > I wanted to avoid keeping the password in memory after the login process. > Popping up the login dialog on the client at the point where they try to > communicate is really messy. But I suppose it is just as messy, doing that > when the awaken occurs. I'll try keeping the password, and attempting a > silent reconnect.
Well, you should keep a time-limited cookie, which grants you access for, say, 8 hours or 24 hours. If the machine has slept for longer, the cookie expires and you'll have to ask the user for a password. It's actually preferable to do that. Suppose the laptop gets stolen while suspended. It's a better idea to require the password. Besides, unlimited cookies are always a problem, since they could allow an attacker that obtained the cookie to continue using it many days later. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel Open Source Technology Center
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Interest mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/interest
