Behavior of SlaveBase::openPasswordDialog...
Dawit A
adawit at kde.org
Wed Apr 13 23:59:38 BST 2011
What was the reason behind changing the original behavior of
SlaveBase::openPasswordDialog ? Currently, this function automatically
caches the password the user entered even going as far as storing the
credentials in KWallet if available the the "Remember Password"
checkbox is checked. The documentation for
SlaveBase::cacheAuthentication now states
"openPasswordDialog already stores password information automatically,
you only need to call this function if you want to store
authentication information that is different from the information
returned by openPasswordDialog."
That is just completely the wrong thing to do. The reason why the act
of prompting the user for password was separated from the act of
storing them was the very small but very important fact that the
entered information could be completely wrong due to typos, forgotten
passwords etc etc. Automatically storing such information without the
ioslaves first verifying the information by trying it is just utterly
wrong. Do not take my word for it. You can test this on your own.
Simply mistype either the username or password to a protected resource
and see that incorrect information appear in kwalletmanager! *sigh*
Regards,
Dawit A.
More information about the kde-core-devel
mailing list