On Fri, 2010-10-08 at 11:03 +0200, Patrick Ohly wrote:
> On Fri, 2010-10-08 at 08:28 +0100, Alberto Mardegan wrote:
> > On 10/07/2010 02:09 PM, Patrick Ohly wrote:
> > > There still is confusion around Accounts&SSO and what it does.
> > > Specifically, storing plain text passwords in it is under dispute.
> > >
> > > Alberto closed a corresponding feature request in the MeeGo 1.0 time
> > > frame, saying that it works and gave some example code:
> > > http://bugs.meego.com/show_bug.cgi?id=5017
> > >
> > > But now Sateesh disagrees and says that "retrieving the credentials is
> > > something that is not officially supported or is going to be removed and
> > > is not going to be supported in
> > > future." (http://bugs.meego.com/show_bug.cgi?id=8027#c4)
> >
> > Retrieving the plain credentials is something we are discouraging, because
> > of
> > security reasons. [...]
>
> Okay, so that is probably what Sateesh was thinking of in his statement.
> For SyncML, the plain text password may be needed (basic auth method).
> For the MD5 hash method, an Accounts&SSO plugin might be able to do the
> necessary hashing. But given the time frames and that not all servers
> necessarily support the second method, we should focus on retrieving the
> password. Same applies to other apps, as you said.
MeeGo's version of the Qt Messaging Framework (QMF) also uses the
"password" method to retrieve the plain text password back out of
Accounts&SSO. From H_2010W36-0maemo9-2-gc598718:
src/plugins/messageservices/imap/imapclient.cpp: const QString ssoMethod =
QLatin1String("password");
src/plugins/messageservices/smtp/smtpclient.cpp: session =
identity->createSession(QLatin1String("password"));
$ grep -r -i credentialsId src/
src/plugins/messageservices/imap/imapclient.cpp: const quint32 credentialsId
= account->credentialsId();
src/plugins/messageservices/imap/imapclient.cpp: _identity =
SignOn::Identity::existingIdentity(credentialsId, this);
src/plugins/messageservices/smtp/smtpclient.cpp: const quint32 credentialsId
= account->credentialsId();
src/plugins/messageservices/smtp/smtpclient.cpp: identity =
Identity::existingIdentity(credentialsId, this);
What I haven't found is where this credentials ID is set or where
identities are created. In other words, a grep for IdentityInfo comes up
empty. Isn't there an API that QMF apps can use to create accounts,
including credentials, which then need to be stored in a new identity?
Carl, what are you using in the handset mail app?
Moises or Vitaly, can you help out and explain to me how these
identities in libsignon are created?
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
_______________________________________________
MeeGo-dev mailing list
[email protected]
http://lists.meego.com/listinfo/meego-dev
