Advice request on how to handle change in how Konqueror stores login information

Stefano Crocco stefano.crocco at alice.it
Sat Sep 21 13:16:47 BST 2024 

On sabato 21 settembre 2024 13:59:52 CEST Neal Gompa wrote:
> On Sat, Sep 21, 2024 at 2:39 AM Stefano Crocco <stefano.crocco at alice.it> 
wrote:
> > Hello to everyone,
> > I'd need an advice on how to proceed with a change I'm going to make in
> > Konqueror which could lead to data loss for the users. To improve the way
> > Konqueror auto-fills login information in web pages, I had to change (in a
> > way which depends on the page content) the name of the entries it uses to
> > store login information in KWallet. As a consequence, existing entries
> > won't be recognized anymore and users will have to enter them again the
> > first time they visit a page so that entries with the new names can be
> > created.
> > 
> > In theory, this shouldn't be more than an annoyance for users, but I'm
> > worried that there could be people who only relied on Konqueror to fill
> > passwords and didn't record them somewhere else: in this case, they
> > couldn't easily access their passwords anymore.
> > 
> > I've thought of three possible ways to proceed:
> > - ignore the issue. This is, obviously, the easiest choice but also the
> > most user-unfriendly
> > - display a KMessageWidget with information on how to recover the login
> > information from KWallet when the user tries accesses a page with login
> > information stored in the old way
> > - automatically rename entries when the user accesses a web page with
> > stored login information. This is the more user-friendly approach, but
> > also the more complex to code; besides I fear that there's no way to
> > determine which form on a given page corresponds to the data in the
> > wallet which is correct in every situation
> > - display a warning the first time the new Konqueror version is launched
> > describing the situation and how to manually retrieve login information
> > from KWallet. This could be a decent compromise between user-friendliness
> > and ease to code, but I'm not sure what is the best way do display the
> > warning: would a simple message box be suitable?
> > 
> > What do you think would be the best way to proceed?
> 
> Is there a way to automatically migrate logins to KWallet? That would
> be the ideal option.

Unfortunately this can't be done because the name of the entry where login 
information is stored is made by the URL of the page and the name or id of the 
form containing the elements where user name and password must be entered and 
Konqueror only has access to these information when the user visits a web 
page.

Another problem comes from the fact that, at least in some circumstances, it 
may not be possible to automatically determine the new name. The reason is 
that the old name was made by the URL of the page and the name of the form 
containing the user name and password fields. However, I realized that many 
pages use an id rather than a name for forms. This way, if a page contains 
more than one form, the two may end up sharing the same entry name, which is 
wrong. My solution was to use the form id instead of the form name when the 
form doesn't have a name. This means, however, that even having access to all 
the information about the forms in a page Konqueror may not be able to 
determine which the login information belongs to.

Stefano

More information about the kde-devel mailing list