Tidying up password storage in Amarok
Matěj Laitl
matej at laitl.cz
Thu Apr 12 20:22:05 UTC 2012
On 11. 4. 2012 Andrzej J. R. Hunt wrote:
> I've just been looking at the way all the plugins use their passwords.
> It seems a redesign would be needed to allow password entry manually:
> currently the plugins stay disabled until a password is stored, once one
> is stored, they use this every startup to authenticate with their
> service. If you want to be able to have the user asked for login details
> every startup you would need to change the plugins to repeatedly ask for
> passwords until they can login (e.g. in case there is a typo in the
> password etc.), rather than just having them ask for a password once
> (since they assume the passwords are stored correctly), and then fail
> silently when the password doesn't work (this at least is the case for
> LastFM).
>
> Therefore I think it's probably better to work on the assumption that
> all passwords are stored on disk -- I wouldn't think it too unreasonable
> to expect those, who want a specific password not to be in plaintext, to
> go to the bother of setting up KWallet (or whatever other backends are
> added) correctly?
Yes. That would add too much complexity for little gain.
> Incidentally the MySQL configuration interface is implemented using
> KConfigXT (an xml file which is translated to c++, which then writes to
> plaintext, if I've understood it correctly), i.e. the settings aren't
> stored in KWallet. I'll look into whether that can be changed when I'm
> migrating the plugins to use PasswordManager.
You're right. I think that it suffices to score just the database login name and
password in KWallet, other options should be left in KConfigXT.
Thanks for your work on unifying password handling in Amarok, we really need
to clean up current mess.
Matěj
More information about the Amarok-devel
mailing list