Re: [SyncEvolution] cmdline --keyring --print-config: should it show real password or "-"?
On Tue, 2009-09-22 at 13:17 +0100, Zhu, Yongsheng wrote:
I prefer to 'not showing password' when printing config for
the
purpose of password protection. Password exposure could
increase the risk of information security. I think typically users
don't often want to see passwords.
Well, I have the situation right now where I'd love to see a password in
another app on Windows. The app has the password, I don't remember what
it is, and the app is not offering me an option to show it to me.
Okay, so for the sake of consistency (other apps hide the real password,
so does our own GUI) I agree that we can keep it like it is right now.
If necessary to show password, I think we could provide another
option
to force showing password in the command line.
Let's wait for user feedback.
To limit abuse, maybe we could need users to input their passwords
for
current Linux(or other systems) login user.
Once the user is logged in and the keyring is unlocked, the user has
access to the passwords. Asking for the user password again isn't going
to secure the data, it just makes our own app harder to use.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.