Philippe Nobili wrote:
> 
> Here is a suggestion for improving the way XXE manages bad credentials
> when accessing remote XML documents (WebDAV in our case). 
> 
> Description:
> Two causes of frequent problems (remote documents accessed through
> WebDAV using enterprise LDAP for logins and passwords).
> 
> 1. If the login/password provided by the user are wrong, a) the file's
> URI is not remembered by XXE (minor) b) The login/password information
> is only asked once by XXE and the user has to quit and restart the
> application to get a second chance to access the resource.
> 
> 2. If the 'Remember Password' option is checked (not a good thing, but
> it may happen), there is no way to re-enter the new password if it has
> changed.

Even when the 'Remember Password' option is checked, the user is
prompted to confirm her/his password once per editing session.
Therefore, in all cases, when you have problems, you need to restart the
application.



> 
> Rationale:
> Authentication servers may be temporarily unavailable, authentication
> policies may force frequent password changes.
>
> Suggestion:
> If accessing a remote resource using a previous login and password
> fails, let the user enter a login and password again.
> 
>  

We are well aware of this problem. We haven't found a way to solve it.
If my memory serves me well, the reason is that, using our current HTTP
client implementation, we have no way to know that the connection to the
WebDAV server has failed due to invalid authentication credentials.

