Tidying up password storage in Amarok
Matěj Laitl
matej at laitl.cz
Tue Apr 10 17:21:29 UTC 2012
On 9. 4. 2012 Andrzej J. R. Hunt wrote:
> I'd like to propose some changes to password storage in amarok, in
> particular the way KWallet is dealt with, and what is done if not available.
Good. This is IMO needed.
> Most plugins use KWallet, but some resort to plaintext if KWallet isn't
> available (and some ask the user to allow this) -- meaning similar code
> is replicated over many plugins [some plugins only use plaintext
> currently]. I propose to write a wrapper class ("PasswordManager" ?),
> which uses KWallet if available, but if KWallet turns out not to be
> available then the user is asked once whether to use plaintext storage,
> with this setting being remembered across all plugins.
Hmm, I may want to allow storing last.fm password in plain-text while
disabling to store MySQL pass in plain-text. The confirmation should be
probably per-plugin then.
> I would also add the option to PasswordManager to check for existing
> plaintext passwords, importing them to KWallet as necessary, to ease
> migration from older to newer versions of amarok (I could also add a
> panel to the amarok config allowing configuration of the password
> settings, i.e. to allow migration from plaintext to KWallet in case
> KWallet wasn't initally available, but becomes available; or the reverse
> -- that would be a later stage).
Sane, but I suggest it is implemented using the most invisible-to-user way.
(even if it would lead to some compromises) For example there are 2 or 3
popups when Amarok is first started, which I find rather embarrassing. (always
think of your grandma using Amarok)
Cheers,
Matěj
More information about the Amarok-devel
mailing list