Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 2059

Summary: [Workbench] CVS password saving between session (1GDX7JK)
Product: [Eclipse Project] Platform Reporter: Philipe Mulet <philippe_mulet>
Component: UIAssignee: platform-cvs-inbox <platform-cvs-inbox>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: P4 CC: Kevin_McGuire
Version: 2.0Keywords: investigate
Target Milestone: 3.0 M9   
Hardware: All   
OS: All   
Whiteboard:

Description Philipe Mulet CLA 2001-10-10 22:25:34 EDT 
It does not feel right that we do not re-ask the password for an existing CVS 
connection in between session. In case I gave my workspace to someone else,
he would become granted with all access rights suddenly, just because I left 
some connections open.

This should maybe be configurable at least, so I can flush the information.

NOTES:

KM (5/18/01 12:12:39 PM)
	This supported is provided by the password keyring mechanism in Core.

	It was decided that as a lowbar the UI would not support clearing it (you go and delete it).
	Clearing on startup would need to be provided by Core.
	This is either a Core or UI PR, depending on which solution one believes is right.

JM (5/20/2001 11:25:17 PM)
	The core support is explicitly support for authentication information across sessions.
	Clearing on startup basically defeats the purpose of the mechanism.
	This information is, by default, kept with the workspace.  For whatever reason it was
	decided that we would not expose a notion of login or user etc so the previously entered
	passwords are automatically available.  The only options to address this real issue are:
		1) make users real
		2) don't use the provided mechanism.
	#1 is unlikely to happen.  #2 while potentially feasible, is likely low on the priority list.

	Don't know where to go from here.

KM (21/05/01 6:33:32 PM)
	This feels like a future PR for UI to support "Clear password cache" menu operation.
	This is keeping with what we agreed in planning.
	We at least should ensure that people know where to find the keyring file to delete
	(Core should provide info to DOC/Kerri for June release).
	
JM (6/2/2001 1:11:54 AM)
	Moving to VCM.  There were questoins last week about the flush API so I assume that VCM
	is adding some UI for clearing the password info.  The documentation on how to use that
	should go with the rest of the VCM doc.

KM (6/2/01 4:19:19 PM)
	We are not adding at this time.
	General password management should be supported by UI but decision was to hold off for June.
	Moving to UI for future.
Comment 1 DJ Houghton CLA 2001-10-29 17:48:42 EST 
PRODUCT VERSION:
SDK 0.108
Comment 2 Kevin Haaland CLA 2002-02-07 20:42:52 EST 
Defer until higher priority items are complete
Comment 3 Randy Giffen CLA 2002-08-07 11:01:12 EDT 
Reopen for investigation
Comment 4 Kevin Haaland CLA 2003-02-07 13:46:29 EST 
There are no plans for the UI team to work on this defect report until higher 
priority items are addressed.
Comment 5 Jean-Michel Lemieux CLA 2004-04-14 15:38:30 EDT 
Because of the important security concerns with passwords, I've gone ahead an
implemented the following for the CVS plug-in:
1. passwords are no longer cached silently. The user must select the "save
password" box which is followed by a warning that the saved password is only
obscured and not encrypted.
2. the user can see the list of saved passwords, and clear the cache.
This seems to address the original concerns raised by this PR...over 3 years ago :)
Comment 6 Jean-Michel Lemieux CLA 2004-04-14 15:38:46 EDT 
Fix released to HEAD.
Comment 7 Jean-Michel Lemieux CLA 2004-04-14 15:40:13 EDT 
*** Bug 5336 has been marked as a duplicate of this bug. ***