[sldev] RFC: design proposal for VWR-1071

[Carlo Wood]

On Tue, Jul 14, 2009 at 06:43:43PM -0700, Cypren Christenson wrote:
> Melinda:
> * Clearing the list: I was thinking about adding a new button to the
> Preferences panel, probably under Network (since there's already a
> "clear cache" button there) that says "clear login history".
> ("Clearly" this will require i18n translation; maybe this is a good
> time to ask how that's usually handled for the project?)

I am sure many people will uncheck the box saying "remember password"
in the assumption that it will keep the First/Last name and just
remove the password. Therefore it should do just that.

> Thanks again for everyone's comments and criticism. Keep it coming!

I'm using the same name on multiple grids...

It is a security problem for me that the viewer only remembers a
single password and uses it regardless of the grid.

In order to use this feature (remembering passwords) savely, the
viewer should first be grid-aware.

Maybe also add the login-uri in the password database file?

Ie,

Carlo|Wood|http://login.example.com:8000|passwd1
Carlo|Wood|http://login.foobar.com:8002|passwd2

And then only use a password if the already chosen login uri matches.

Actually, using LSL serialization, I'd go for storing this
as a map with the uri as key. Not sure about the exact LSL
but something like the following would result:

<map>
<key>http://login.example.com:8000</key>
  <map>
  <key>FirstName</key>
    <string>Carlo</string>
  <key>LastName</key>
    <string>Wood</string>
  <key>PasswdHash</key>
    <string>passwd1</string>
  </map>
<key>http://login.foobar.com:8002</key>
  <map>
  <key>FirstName</key>
    <string>Carlo</string>
  <key>LastName</key>
    <string>Wood</string>
  <key>PasswdHash</key>
    <string>passwd2</string>
  </map>
</map>

-- 
Carlo Wood <carlo at alinoe.com>