http://bugzilla.moblin.org/show_bug.cgi?id=7838
--- Comment #38 from pohly <[email protected]> 2010-04-13 23:53:24 PST ---
(In reply to comment #37)
> (In reply to comment #36)
> > (In reply to comment #35)
> > Key point that I haven't seen discussed is:
> > - How does the user set up a server so that it
> >   can create new configs correctly? In particular,
> >   which username/password is expected by the server?
> Using 'SyncEvolution Client' template is enough (of course syncURL should be set
> correctly), username/password was already inside the template.

In other words, the whole world knows the credentials which are necessary
to connect to my machine, create a config and access my data, and that as
soon as I start syncevo-http-server. This is not secure ;-)

I see several solutions:
1. Add username/password as command line options to syncevo-http-server,
   communicate them to syncevo-dbus-server when a new request comes in,
   using new keys in the meta information. syncevo-dbus-server then uses
   those credentials.
2. We add new config properties, to be set inside
   ~/.config/syncevolution/config.ini, which specify the default credentials.

In both cases creating new configs is disabled if no credentials are set.

Solution 1 has the advantage that this feature is discoverable by users of
syncevo-http-server and can be set on a case-by-case basis (run daemon with
specific credentials, connect with new client, restart daemon without
credentials or different ones for a different client).

Solution 2 has the advantage that it can (and should) reuse the secure
password storage features of syncevo-dbus-server.

I tend to prefer solution 1, although it might be worth asking on the
mailing list.

> > - What is the naming of the new configs?
> The name is 'deviceID-time', any better ideas?

Can we compose the name from manufacturer + model? That may only work after
completing the sync and thus would depend on renaming the config.

> > I'm not sure yet whether we need the property. Can't we just define that
> > configuration "temporary-config" is "reusable"?
> That can work if we hook at the end of the first successful session, at which
> point we have to rename the config from 'temporary-config' to a permanent
> config for that peer 'deviceID-time'
> It works but I think renaming a configuration is a bit confusing.

Why? Because the user sees a "temporary-config"?
