I finally got some time to sit down and code yesterday. While I do appreciate several people pointing me to the existing VWR-6891 patch as a starting point, I decided to start from scratch; I mean no disparagement whatsoever to the original contributor, but I felt that what we've discussed here changes the requirements sufficiently that it was easier to work from a clean slate.
Currently my code looks like this: http://cypren.net/images/sg_login_prototype1.png Per Ambrosia's earlier suggestion, I've moved the stored information out of the settings file and into its own file, login_history.xml, for better compatibility with viewers that do not implement the patch. Passwords are saved there using the same MAC-based encryption method used in password.dat, but base64 encoded as part of a serialized LLSD rather than in raw binary form. I currently have a fair bit of housekeeping to do (disabling and clearing the "remember password" box when "remember name" is unchecked, adding the new controls to other languages/skins, putting doxygen comments on all the classes and methods, etc) before releasing the patch for review, but most of the core work is done at this point and the design seems to be solid. Barring unforeseen problems or any more design change requests, I would guess it will be posted to JIRA in a day or two. Since the original bug was logged against VWR, but the earlier consensus seemed to be that the UI should be tested in Snowglobe first, should I create a new bug in JIRA against SNOW rather than uploading a VWR patch? On Jul 20, 2009, at 3:31 AM, Carlo Wood wrote: > Cypren, ping (see below)? > And how is it going over all? > > On Wed, Jul 15, 2009 at 12:19:50PM +0200, Carlo Wood wrote: >> On Tue, Jul 14, 2009 at 06:43:43PM -0700, Cypren Christenson wrote: >>> Melinda: >>> * Clearing the list: I was thinking about adding a new button to the >>> Preferences panel, probably under Network (since there's already a >>> "clear cache" button there) that says "clear login history". >>> ("Clearly" this will require i18n translation; maybe this is a good >>> time to ask how that's usually handled for the project?) >> >> I am sure many people will uncheck the box saying "remember password" >> in the assumption that it will keep the First/Last name and just >> remove the password. Therefore it should do just that. >> >>> Thanks again for everyone's comments and criticism. Keep it coming! >> >> I'm using the same name on multiple grids... >> >> It is a security problem for me that the viewer only remembers a >> single password and uses it regardless of the grid. >> >> In order to use this feature (remembering passwords) savely, the >> viewer should first be grid-aware. >> >> Maybe also add the login-uri in the password database file? >> >> Ie, >> >> Carlo|Wood|http://login.example.com:8000|passwd1 >> Carlo|Wood|http://login.foobar.com:8002|passwd2 >> >> And then only use a password if the already chosen login uri matches. >> >> Actually, using LSL serialization, I'd go for storing this >> as a map with the uri as key. Not sure about the exact LSL >> but something like the following would result: >> >> <map> >> <key>http://login.example.com:8000</key> >> <map> >> <key>FirstName</key> >> <string>Carlo</string> >> <key>LastName</key> >> <string>Wood</string> >> <key>PasswdHash</key> >> <string>passwd1</string> >> </map> >> <key>http://login.foobar.com:8002</key> >> <map> >> <key>FirstName</key> >> <string>Carlo</string> >> <key>LastName</key> >> <string>Wood</string> >> <key>PasswdHash</key> >> <string>passwd2</string> >> </map> >> </map> > > -- > Carlo Wood <ca...@alinoe.com> _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/SLDev Please read the policies before posting to keep unmoderated posting privileges
