Hi Ruben,
> Mailplane has a small change: > For accounts that don't store their password in the keychain, Mailplane > will always present the authentication dialog the first time you access the > account. You need to be online, too. > As far as I know, this has always been the case with Mailplane - not until I started using Offline Gmail access on one of the accounts, which has led to all the other accounts having their passwords stored in an unknown manner? Are these changes for an upcoming "Cutting Edge" build for 2.1 beta? > > Accounts with a stored password will only ask for a password if you change > the username/ password or when your session expires. > > > On Wed, Feb 4, 2009 at 7:03 PM, Kinny Cheng <[email protected]> wrote: > >> Thanks Ruben! >> Always appreciate your attention to those little details - things that >> make Mailplane so great to use... :) >> >> 2009/2/5 Ruben Bakker <[email protected]> >> >> Hi Kinny, >>> Thanks for your explanation. I think I now understand your requirements. >>> I'll try to find a solution... >>> >>> >>> On Wed, Feb 4, 2009 at 8:32 AM, Kinny Cheng <[email protected]> wrote: >>> >>>> Thanks for the insight, Jesse. >>>> It makes sense that this seems to be what's happening at the moment. >>>> But the fact is, it makes no sense whatsoever to cache authentication for >>>> accounts other than the one with the offline access enabled. >>>> >>>> And the theory of "allowing Offline access for one, it is on for all" >>>> doesn't fly either. >>>> >>>> Imagine: if I shared a computer with the family, and where everyone has >>>> their own Gmail account/s, this would mean granting me full access to all >>>> those accounts without me even having to enter in a password, which is >>>> usually required. >>>> >>>> I agree with Ruben, that Gmail seems to have overlooked the security >>>> implications of offline Gmail access. >>>> >>>> >>>> 2009/2/4 Jesse Read <[email protected]> >>>> >>>> While I am no GMail engineer (or any Google dev at all) I would think >>>>> that based on the way Gears works (via WebKit I believe, hence you only >>>>> need >>>>> to install it via on app and it is available to all WebKit based apps) if >>>>> you allow Offline access for one, it is on all - at least in terms of >>>>> cached >>>>> authentication. >>>>> I may be wrong though, in fact I probably am. Ruben should be able to >>>>> get more insight. >>>>> >>>>> -- Jesse >>>>> >>>>> >>>>> >>>>> On Tue, Feb 3, 2009 at 1:58 PM, Kinny Cheng <[email protected]>wrote: >>>>> >>>>>> Hi Ruben, >>>>>> I'm not sure if I understand you correctly. But... >>>>>> >>>>>> I remember you mentioning previously that passwords are now saved >>>>>>>> for accounts that use Offline Gmail - meaning that, even if I didn't >>>>>>>> choose >>>>>>>> to store my password in Mailplane, Google Gears would still do this >>>>>>>> anyway? >>>>>>>> >>>>>>> >>>>>>> If you enabled the "Store password in Keychain" setting, passwords >>>>>>> are only stored in the keychain. What Gmail stores is a session cookie, >>>>>>> it >>>>>>> doens't contain any username/password. It is used by Gmail to >>>>>>> communicate >>>>>>> with their servers. >>>>>>> >>>>>> >>>>>> I did not elect to have any of my Gmail passwords stored to my >>>>>> keychain. This is because I would prefer to enter my password each time >>>>>> I >>>>>> access a specific Gmail account, per Mailplane session. >>>>>> >>>>>> I am okay with being able to switch between the different accounts >>>>>> freely after I've done the initial authentication. But once I choose to >>>>>> not >>>>>> need the access to email anymore, I just quit Mailplane. The next time I >>>>>> start Mailplane, it'll ask me for my Gmail password - which is what I >>>>>> want, >>>>>> and which has how it's always been since day one. >>>>>> >>>>>> >>>>>> >>>>>>> >>>>>>> When Online: >>>>>>> If you start Mailplane or switch to an account, Gmail will use the >>>>>>> cookie for the account in question. It takes about 10 days to get the >>>>>>> authentication window again. >>>>>>> >>>>>>> When Offline: >>>>>>> >>>>>>> Gmail directly opens the offline store, neither a password, nor a >>>>>>> cookie is required to access it! See these "Offline Gmail" threads for >>>>>>> more >>>>>>> information: >>>>>>> >>>>>>> >>>>>>> http://groups.google.com/group/gmail-labs-help-offline/browse_thread/thread/231787671b5c72d7# >>>>>>> >>>>>>> >>>>>>> http://groups.google.com/group/gmail-labs-help-offline/browse_thread/thread/0d8c442af1147b97# >>>>>>> >>>>>>> >>>>>>> Mailplane 2.0.1 always authenticates your account before granting >>>>>>> access, even if you had a valid cookie. Because of the new offline >>>>>>> support >>>>>>> this made no sense anymore, as it can only authenticate when online. >>>>>>> This is >>>>>>> why I removed it from 2.1-beta. >>>>>>> >>>>>> >>>>>> This is the part I can't seem to get my head around. But anyway, >>>>>> please fill me in where I may not be understanding you... >>>>>> >>>>>> My dilemma, or rather my question, is this: Why have my other Gmail >>>>>> accounts, with no offline access activated, become openly accessible each >>>>>> time I open Mailplane? >>>>>> >>>>>> I have seven different Gmail accounts, three of which I frequently >>>>>> access, and one of these with the offline access enabled. >>>>>> >>>>>> As per your explanation, I can fully understand why my offline-enabled >>>>>> account no longer requires me to enter a password to access. >>>>>> >>>>>> But for the other two Gmail accounts, it makes no sense whatsoever as >>>>>> to why they are accessible without the usual password authentication >>>>>> anymore >>>>>> - since each account should be mutually exclusive of one another. >>>>>> >>>>>> For example: Each time I start Mailplane, it would open up the >>>>>> offline-enabled Gmail account. When I want to switch to another >>>>>> account, I >>>>>> would usually expect the pop-up dialog and ask me for the respective >>>>>> password (since it's the first time I'm accessing the account for this >>>>>> Mailplane session). But with the latest Beta, it no longer does this >>>>>> and, >>>>>> instead, goes to my account's inbox right away. >>>>>> >>>>>> Hope you understand where I am coming from, and what I'm trying to >>>>>> describe here. >>>>>> >>>>>> >>>>>> Cheers, >>>>>> Kinny >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> A stronger security measures for offline data needs to be implemented >>>>>>> by Google. Even if Mailplane would ask you for Username/Password and >>>>>>> would >>>>>>> not store any cookies you could still access your offline data by using >>>>>>> Safari or any other WebKit browser. >>>>>>> >>>>>>> >>>>>>> For me, no other measures are needed. I have other personal data >>>>>>> stored in my Mac's account. No other user is using my Mac, and I have >>>>>>> password protected my account. >>>>>>> >>>>>>> Maybe you could share some details about your requirements. Do you >>>>>>> have some accounts that you use online only and are more sensitive than >>>>>>> other you use offline? >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Ruben >>>>>>> http://mailplaneapp.com/blog >>>>>>> http://www.twitter.com/Mailplane >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>> >>> >>> -- >>> Ruben >>> http://mailplaneapp.com/blog >>> http://www.twitter.com/Mailplane >>> >>> >>> >> >> >> > > > -- > Ruben > http://mailplaneapp.com/blog > http://www.twitter.com/Mailplane > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "mailplaneapp" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/mailplaneapp?hl=en -~----------~----~----~----~------~----~------~--~---
