Review Request 125723: Add options to select password storage to all password fields

Thomas Pfeiffer colomar at autistici.org
Wed Oct 21 11:24:29 UTC 2015 


> On Oct. 21, 2015, 7:41 a.m., Heiko Tietze wrote:
> > Looks very nice. But the question is whether or not users understand the status quickly and if the dropdown menu is clear enough (the eye is a toggle button). The alternative solution is just a radio button group below the input, which is furthermore easily accessible by disabled people.
> > 
> > I'd place the "ask everytime" option as the first item since it is the default.
> 
> Jan Grulich wrote:
>     Having a radio button group below each password field would make it heavy I would say. I'm trying to remove as much visible components I can to make it more simple.
>     
>     The "ask everytime" option is not the default option, the default option should be to store secrets for the current user which should store secrets to KWallet.
> 
> Lamarque Souza wrote:
>     I agree with Jan that radio button group would pollute the ui. Talking about the default option, wouldn't be better make "Always Ask" the default for VPN connections? I know that is not consistent with the current default, but VPN is kind of a special case since usually whoever is using it is more concerned about security than convenience. By the way, good job at improving Plasma NM.
> 
> Jan Grulich wrote:
>     I agree, using "always ask" as default for VPN connections is something we should consider. 
>     
>     And thanks, plasma-nm is my passion so I don't have to force myself to make it better :).

I guess the source of the miscommunication between Heiko and you is that the screenshot you chose is the simples scenario possible. In the case WPA & WPA 2 Personal (PSK) there is indeed just that one field, and plenty of space to put a radio button group right in the dialog.
I assume what you are worried about are the more complex security setting scenarios, where the dialog is already full of fields and controls anyway, and I can understand why you don't want to put even more stuff in those dialogs.

While I agree with Heiko that many users may not even notice the option at all, I don't think that's a big problem as long as the default option is a safe one.

I have a few other concerns, though.
1. Are the passwords stored in NM encrypted? I guess not, in which case this has to be made clear to the user, because it increases the security risk. Although this makes the label quite long, I'd put "(not encrypted)" at the end, and "encrypted" behind the single-user option. Security-relevant information has to be made available to the user.
2. With the option "ask every time", the password is not stored at all, right? So why would I enter a password in the dialog, only to then tell the software to not store it? That does not really make sense, since this is not the place where you connect for the first time. For consistency, I'd vote for having a "store password" checkbox before the password field, like in most other places where one has the option to store a password, and to only enable the field when that checkbox is clicked
3. "everytime" is not an English word, it has to be "every time"
4. It has to be "for all users"


- Thomas


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/125723/#review87177
-----------------------------------------------------------


On Oct. 21, 2015, 6:12 a.m., Jan Grulich wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/125723/
> -----------------------------------------------------------
> 
> (Updated Oct. 21, 2015, 6:12 a.m.)
> 
> 
> Review request for Network Management, KDE Usability and Lamarque Souza.
> 
> 
> Bugs: 340707
>     http://bugs.kde.org/show_bug.cgi?id=340707
> 
> 
> Repository: plasma-nm
> 
> 
> Description
> -------
> 
> I took again inspiration from nm-connection-editor and extended our editor to allow to users select password storage. Now each password field has an option to either store password to all users (store it to NM) or to current user (store it to KWallet) or do not store it at all (user will be prompted) or tell NM that the password is not required at all (available only for some connection types). Also during transformation of strongswan vpn plugin I found out that strongswan shouldn't support password storing at all (according to NM plugin) so I removed it accordingly.
> 
> + this patch also tries to fix couple of coding style issues as usual
> 
> Screenshot:
> ![Screenshot of new options](https://jgrulich.fedorapeople.org/nm-password-options.png)
> 
> 
> Diffs
> -----
> 
>   libs/editor/connectiondetaileditor.cpp aa09d1f 
>   libs/editor/settings/bondwidget.h 2c64c31 
>   libs/editor/settings/bondwidget.cpp dbd2cf2 
>   libs/editor/settings/bridgewidget.h a322083 
>   libs/editor/settings/bridgewidget.cpp 3dc1889 
>   libs/editor/settings/btwidget.h 84a8f71 
>   libs/editor/settings/btwidget.cpp e2e9972 
>   libs/editor/settings/cdmawidget.h bbffe0d 
>   libs/editor/settings/cdmawidget.cpp f361d9e 
>   libs/editor/settings/gsmwidget.h 69d4cfd 
>   libs/editor/settings/gsmwidget.cpp 941f411 
>   libs/editor/settings/infinibandwidget.h 2c90b7f 
>   libs/editor/settings/infinibandwidget.cpp 55dfb97 
>   libs/editor/settings/ipv4widget.h a993211 
>   libs/editor/settings/ipv4widget.cpp d7e893f 
>   libs/editor/settings/ipv6widget.h 4a1f472 
>   libs/editor/settings/ipv6widget.cpp 62e96ff 
>   libs/editor/settings/pppoewidget.h 4570bba 
>   libs/editor/settings/pppoewidget.cpp 0fa4ea2 
>   libs/editor/settings/pppwidget.h 0c088ce 
>   libs/editor/settings/pppwidget.cpp 7185b7d 
>   libs/editor/settings/security802-1x.h cb5dbec 
>   libs/editor/settings/security802-1x.cpp 21929b8 
>   libs/editor/settings/teamwidget.h 39821c2 
>   libs/editor/settings/teamwidget.cpp 3db2b7a 
>   libs/editor/settings/ui/802-1x.ui f1bc058 
>   libs/editor/settings/ui/cdma.ui 9805021 
>   libs/editor/settings/ui/gsm.ui 87891cc 
>   libs/editor/settings/vlanwidget.h fabeaca 
>   libs/editor/settings/vlanwidget.cpp 5e083fa 
>   libs/editor/settings/wificonnectionwidget.h 35a59d3 
>   libs/editor/settings/wificonnectionwidget.cpp d35ec45 
>   libs/editor/settings/wifisecurity.h a263c32 
>   libs/editor/settings/wifisecurity.cpp 4d9c811 
>   libs/editor/settings/wimaxwidget.h c8f850d 
>   libs/editor/settings/wimaxwidget.cpp dcd212c 
>   libs/editor/settings/wiredconnectionwidget.h ed8dc88 
>   libs/editor/settings/wiredconnectionwidget.cpp d8fcd90 
>   libs/editor/settings/wiredsecurity.h a34731e 
>   libs/editor/settings/wiredsecurity.cpp 8fdb1cc 
>   libs/editor/widgets/passwordfield.h 1bd21a2 
>   libs/editor/widgets/passwordfield.cpp 05fe6dc 
>   libs/editor/widgets/settingwidget.h fdae197 
>   vpn/l2tp/l2tp.ui b04ebce 
>   vpn/l2tp/l2tpauth.h 54b6462 
>   vpn/l2tp/l2tpauth.cpp 7369458 
>   vpn/l2tp/l2tpwidget.h 1e4c383 
>   vpn/l2tp/l2tpwidget.cpp b278228 
>   vpn/openconnect/openconnectauth.h 9a77421 
>   vpn/openconnect/openconnectauth.cpp fecb16e 
>   vpn/openconnect/openconnectwidget.h ae0e9d2 
>   vpn/openconnect/openconnectwidget.cpp c293e52 
>   vpn/openswan/openswan.ui a6d61fa 
>   vpn/openswan/openswanauth.h aa78f88 
>   vpn/openswan/openswanauth.cpp 1fd79fb 
>   vpn/openswan/openswanwidget.h 55a54dd 
>   vpn/openswan/openswanwidget.cpp b94f752 
>   vpn/openvpn/openvpn.ui 1c49cad 
>   vpn/openvpn/openvpnadvanced.ui ce89ce1 
>   vpn/openvpn/openvpnadvancedwidget.h c0346ee 
>   vpn/openvpn/openvpnadvancedwidget.cpp 0864e35 
>   vpn/openvpn/openvpnauth.h dd3b564 
>   vpn/openvpn/openvpnauth.cpp 5250bc1 
>   vpn/openvpn/openvpnwidget.h 51d7aab 
>   vpn/openvpn/openvpnwidget.cpp e27e216 
>   vpn/pptp/pptpauth.h 1772c81 
>   vpn/pptp/pptpauth.cpp 8ffec08 
>   vpn/pptp/pptpprop.ui c713f24 
>   vpn/pptp/pptpwidget.h 2b25dd7 
>   vpn/pptp/pptpwidget.cpp 880d6c5 
>   vpn/ssh/sshauth.h 88dcebc 
>   vpn/ssh/sshauth.cpp 6e8ffa9 
>   vpn/ssh/sshwidget.h fa3f852 
>   vpn/ssh/sshwidget.cpp 7b3ad28 
>   vpn/ssh/sshwidget.ui 1d0300b 
>   vpn/sstp/sstpauth.h 08f5025 
>   vpn/sstp/sstpauth.cpp b452a73 
>   vpn/sstp/sstpwidget.h 0156b86 
>   vpn/sstp/sstpwidget.cpp 7ff68aa 
>   vpn/sstp/sstpwidget.ui 51dfc96 
>   vpn/strongswan/strongswanauth.h d23947d 
>   vpn/strongswan/strongswanauth.cpp f034abe 
>   vpn/strongswan/strongswanprop.ui 06fb254 
>   vpn/strongswan/strongswanwidget.h 7204ff5 
>   vpn/strongswan/strongswanwidget.cpp 094e81e 
>   vpn/vpnc/vpnc.ui fc83bf8 
>   vpn/vpnc/vpncauth.h eb24744 
>   vpn/vpnc/vpncauth.cpp 9142682 
>   vpn/vpnc/vpncwidget.h 9aa4ac8 
>   vpn/vpnc/vpncwidget.cpp 6aaffda 
> 
> Diff: https://git.reviewboard.kde.org/r/125723/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Jan Grulich
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-networkmanager/attachments/20151021/4289c29a/attachment.html>

More information about the kde-networkmanager mailing list