Re: how not use plain text password in RBTools
On 05/25/2010 04:08 AM, Christian Hammond wrote: Hi, Cookies can only be matched against fully-qualified domains. This isn't a Review Board restriction, but rather a restriction of nearly every HTTP client implementation that deals with cookies. This is why post-review is asking you every time. If you were to use a fully-qualified domain inside the network, the problem would go away. As of right now, there is no other way to bypass the login request other than putting parameters on the command line. In the future, the plan is to be able to specify default arguments in a config file in your home directory, which you could then set permissions on to 600. You could store the username/password there, if you really felt like it. Christian Something you could try: add to /etc/hosts this line: 10.0.0.1 reviewboard.example.com (Substituting the correct IP address) Then you can use "reviewboard.example.com" as your fully-qualified domain in post-review, and it should set the cookies correctly. (Obviously, this requires a client-side change on all machines, so a much better long-term solution would be to set up a DNS server) -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: how not use plain text password in RBTools
Hi, Cookies can only be matched against fully-qualified domains. This isn't a Review Board restriction, but rather a restriction of nearly every HTTP client implementation that deals with cookies. This is why post-review is asking you every time. If you were to use a fully-qualified domain inside the network, the problem would go away. As of right now, there is no other way to bypass the login request other than putting parameters on the command line. In the future, the plan is to be able to specify default arguments in a config file in your home directory, which you could then set permissions on to 600. You could store the username/password there, if you really felt like it. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Tue, May 25, 2010 at 12:06 AM, hayate wrote: > Hi Christian, > > Our case is not accessing reviewboard via browser, but using command > line tool post-review.exe to submit request. > And our server isn't using fully-qualified domain, just running in > internal network. > > Thanks. > > On Tue, May 25, 2010 at 1:46 PM, Christian Hammond > wrote: > > Hi, > > > > If your Review Board server is using a fully-qualified domain > > (foo.example.com instead of just foo) then post-review should be storing > a > > cookie in the user's home directory for a year, instead of prompting > every > > time. > > > > What type of authentication are you using? Is the domain a > fully-qualified > > domain? > > > > Christian > > > > -- > > Christian Hammond - chip...@chipx86.com > > Review Board - http://www.reviewboard.org > > VMware, Inc. - http://www.vmware.com > > > > > > On Mon, May 24, 2010 at 7:08 PM, hayate wrote: > >> > >> Currently we use post-review with perforce to submit review request, > >> but we don't wanna input password every time. > >> However the password in the command line is plain text, is there a way > >> to use encrypted or hashed password? > >> > >> Thanks all you guys > >> > >> -- > >> Want to help the Review Board project? Donate today at > >> http://www.reviewboard.org/donate/ > >> Happy user? Let us know at http://www.reviewboard.org/users/ > >> -~--~~~~--~~--~--~--- > >> To unsubscribe from this group, send email to > >> reviewboard+unsubscr...@googlegroups.com > >> For more options, visit this group at > >> http://groups.google.com/group/reviewboard?hl=en > > > > -- > > Want to help the Review Board project? Donate today at > > http://www.reviewboard.org/donate/ > > Happy user? Let us know at http://www.reviewboard.org/users/ > > -~--~~~~--~~--~--~--- > > To unsubscribe from this group, send email to > > reviewboard+unsubscr...@googlegroups.com > > For more options, visit this group at > > http://groups.google.com/group/reviewboard?hl=en > > -- > Want to help the Review Board project? Donate today at > http://www.reviewboard.org/donate/ > Happy user? Let us know at http://www.reviewboard.org/users/ > -~--~~~~--~~--~--~--- > To unsubscribe from this group, send email to > reviewboard+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/reviewboard?hl=en > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: how not use plain text password in RBTools
Hi Christian, Our case is not accessing reviewboard via browser, but using command line tool post-review.exe to submit request. And our server isn't using fully-qualified domain, just running in internal network. Thanks. On Tue, May 25, 2010 at 1:46 PM, Christian Hammond wrote: > Hi, > > If your Review Board server is using a fully-qualified domain > (foo.example.com instead of just foo) then post-review should be storing a > cookie in the user's home directory for a year, instead of prompting every > time. > > What type of authentication are you using? Is the domain a fully-qualified > domain? > > Christian > > -- > Christian Hammond - chip...@chipx86.com > Review Board - http://www.reviewboard.org > VMware, Inc. - http://www.vmware.com > > > On Mon, May 24, 2010 at 7:08 PM, hayate wrote: >> >> Currently we use post-review with perforce to submit review request, >> but we don't wanna input password every time. >> However the password in the command line is plain text, is there a way >> to use encrypted or hashed password? >> >> Thanks all you guys >> >> -- >> Want to help the Review Board project? Donate today at >> http://www.reviewboard.org/donate/ >> Happy user? Let us know at http://www.reviewboard.org/users/ >> -~--~~~~--~~--~--~--- >> To unsubscribe from this group, send email to >> reviewboard+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/reviewboard?hl=en > > -- > Want to help the Review Board project? Donate today at > http://www.reviewboard.org/donate/ > Happy user? Let us know at http://www.reviewboard.org/users/ > -~--~~~~--~~--~--~--- > To unsubscribe from this group, send email to > reviewboard+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/reviewboard?hl=en -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: how not use plain text password in RBTools
Hi, If your Review Board server is using a fully-qualified domain ( foo.example.com instead of just foo) then post-review should be storing a cookie in the user's home directory for a year, instead of prompting every time. What type of authentication are you using? Is the domain a fully-qualified domain? Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Mon, May 24, 2010 at 7:08 PM, hayate wrote: > Currently we use post-review with perforce to submit review request, > but we don't wanna input password every time. > However the password in the command line is plain text, is there a way > to use encrypted or hashed password? > > Thanks all you guys > > -- > Want to help the Review Board project? Donate today at > http://www.reviewboard.org/donate/ > Happy user? Let us know at http://www.reviewboard.org/users/ > -~--~~~~--~~--~--~--- > To unsubscribe from this group, send email to > reviewboard+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/reviewboard?hl=en -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en