Task #1901
Feature #1888: Use secure storage for input passwords
Feature #1893: Create advanced XML secure password widget
Create secure storage module
Start date:
06/22/2017
Due date:
% Done:
100%
History
#1
Updated by Luke Murphey over 7 years ago
Updated by - Status changed from New to In Progress
#2
Updated by Luke Murphey over 7 years ago
- % Done changed from 0 to 70
I have a module that works but has some more work needed:
- Need to verify that the cleartext password is being removed
- Need to make sure that the correct entry is being loaded (since multiple entries with the same realm can be created)
I could still store the username in the conf file and keep the realm as the unique identifier.
#3
Updated by Luke Murphey over 7 years ago
I need to make sure that I can figure out which entry is the correct one to load. My options are:
- Store username in the conf, only use realm to identify the password
- Delete all related entries before creating a new one
- Store stanza name in conf
#4
Updated by Luke Murphey over 7 years ago
Storing the username in conf is the approach I am using because:
- Secure storage requires a password, thus just storing a username isn't possible
- Changing the username means the stanza name changes too for secure storage making the entry hard to find
#5
Updated by Luke Murphey over 7 years ago
The password field won't clear and thus isn't removing the password from the conf file.
Observations:- Removing the clear creds function doesn't help
#6
Updated by Luke Murphey over 7 years ago
To test:
- Existing cleartext password is loaded
- Upon save, the cleartext password is removed
- If the password or username is cleared, existing secure credentials are removed
- Stanza name for password is properly created on creation and editing
#7
Updated by Luke Murphey over 7 years ago
- Status changed from In Progress to Closed
- % Done changed from 70 to 100