Tidying up password storage in Amarok

Bart Cerneels bart.cerneels at kde.org
Fri Apr 13 09:09:13 UTC 2012 

On Thu, Apr 12, 2012 at 22:22, Matěj Laitl <matej at laitl.cz> wrote:
>
> On 11. 4. 2012 Andrzej J. R. Hunt wrote:
> > I've just been looking at the way all the plugins use their passwords.
> > It seems a redesign would be needed to allow password entry manually:
> > currently the plugins stay disabled until a password is stored, once one
> > is stored, they use this every startup to authenticate with their
> > service. If you want to be able to have the user asked for login details
> > every startup you would need to change the plugins to repeatedly ask for
> > passwords until they can login (e.g. in case there is a typo in the
> > password etc.), rather than just having them ask for a password once
> > (since they assume the passwords are stored correctly), and then fail
> > silently when the password doesn't work (this at least is the case for
> > LastFM).
> >
> > Therefore I think it's probably better to work on the assumption that
> > all passwords are stored on disk -- I wouldn't think it too unreasonable
> > to expect those, who want a specific password not to be in plaintext, to
> > go to the bother of setting up KWallet (or whatever other backends are
> > added) correctly?
>
> Yes. That would add too much complexity for little gain.
>
> > Incidentally the MySQL configuration interface is implemented using
> > KConfigXT (an xml file which is translated to c++, which then writes to
> > plaintext, if I've understood it correctly), i.e. the settings aren't
> > stored in KWallet. I'll look into whether that can be changed when I'm
> > migrating the plugins to use PasswordManager.
>
> You're right. I think that it suffices to score just the database login name and
> password in KWallet, other options should be left in KConfigXT.
>

I don't think it's really needed to move that to KWallet. People using
an external mysql server know how to set a unique name for their own
local database. I'm not aware of any complaints about that. Even there
wouldbe, I can't justify raising code complexity for it. If you want
to change this, do it in a separate patch after the main one is
accepted.

More information about the Amarok-devel mailing list