Bugzilla – Full Text Bug Listing
| Summary: | Move secure storage view into the preference page | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Eclipse Project] Equinox | Reporter: | Benjamin Muskalla <b.muskalla> | ||||||
| Component: | Security | Assignee: | Security Inbox <equinox.security-inbox> | ||||||
| Status: | RESOLVED FIXED | QA Contact: | |||||||
| Severity: | normal | ||||||||
| Priority: | P3 | CC: | bokowski, caniszczyk, eclipse, mknauer, mwflaher, ob1.eclipse, tjwatson | ||||||
| Version: | unspecified | ||||||||
| Target Milestone: | 3.4 M7 | ||||||||
| Hardware: | PC | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Attachments: |
|
||||||||
|
Description
Benjamin Muskalla
As for usefulness, it is intended for: a) developers - to check contents of the secure storage to see if your code that uses secure storage works as it should b) users of Eclipse SDK - to check the contents of the secure storage to see what's stored there and be able to directly add/remove data in case workaround is needed The view is not indended as a primary mean of entering information (that is done via ISecurePreferences) but as a way to check what actually is there. In terms on existing analogs think about Plug-in Registry view. The view could be moved into its own category away from the "General" category but than we'll have to add another category and somebody will surely object to that :-). Moving it into preferences? *To me* it is a bit too obscure - it is a view afterall and it would not be my natural inclanation to open Preferences to find it. But I'll see what other people think about it. (A note in cluttering: this view is not added to any perspective by default.) (In reply to comment #1) > As for usefulness, it is intended for: > > a) developers - to check contents of the secure storage to see if your code > that uses secure storage works as it should > > b) users of Eclipse SDK - to check the contents of the secure storage to see > what's stored there and be able to directly add/remove data in case workaround > is needed > I think this is particularly useful and cool, but I am biased because I am a developer and heavy Eclipse user that understands what secure storage is. I must admit it feels more like a useful developer/debug tool than an end user view. The analogy to the plugin registry view is likely very close, but that is also a plug-in developer view and not intended for end users. (In reply to comment #2) > I must admit it feels more like a useful developer/debug tool than an end user > view. Views (or UI features in general) are part of: - RCP if they should be in every RCP application - IDE (org.eclipse.platform feature) if they should be in every IDE based on Eclipse - JDT if they are needed for Java development - PDE if they are needed for Plug-in development. Where does the Secure Storage view fit in? (In reply to comment #1) > The view is not indended as a primary mean of entering information (that is > done via ISecurePreferences) but as a way to check what actually is there. What do you mean by ISecurePreferences? How does this manifest in the UI? If we need a place where you can check what is stored (do we? we didn't have this in the past), why is a preference page not a good idea? Firefox allows you to look at its list of stored passwords on one of its preference pages, for example. How do other applications expose similar functionality? (In reply to comment #3) > Where does the Secure Storage view fit in? From that list - PDE. Do you think that list reflects Eclipse artifact packaging rather then customers? A basic alternative list from a customer view point would be: - I am an end user and use Eclipse-based RCP - I am a developer and I use Eclipse SDK + something in my day work - I am a developer and I use Eclipse SDK + something to make Eclipse plugins (+ lots and lots of niches) Secure storage is one feature and is not spread across RCP/IDE/JDT. At present it is included in the SDK, but not in the RCP (we try to keep RCP small). I am fine with *moving* the view somewhere, such as PDE category rather than "General" category - in fact, it might be a good idea - it would make it a bit more obscure which is good. *Removing* it is no-no in my book - it is way too useful. *Modifying* it (such as changing it from a view to a part of a preference page) should depend on a cost/benefit: what do we gain by making it a Preference page as opposing to the view? (As for the cost - we have 2 weeks left till the end of M7 which is the last real Eclipse 3.4 iteration.) I agree with Boris in that this is very much like Firefox's master password functionality. They do much of the UI in preference pages. I also think that we will find that this functionality is applicable to RCP apps in general. For instance, any RCP application that wishes to access remote services and provide some level of single sign-on will want to use this subsystem. Having a preference page available to manage the passwords is gravy, but many will wish to manage the password information in the context of the associated service information - consider our existing case of CVS repository editing. So I guess I do think the aggregated view of passwords is useful and should remain (perhaps in RCP), but its applicability will vary with the degree of end user sophistication. Created attachment 96869 [details] Mock up of a secure storage view moved into the preference page Another aspect I am thinking about doing in relation to bug 227310 is to add a Debug-like property to the org.eclipse.equinox.security bundle and add contenxt menus (both modify and "show value" commands) only if that value is enabled. That way developers would still have an ability to modify contents and see what's where while users will be "protected" :-). Created attachment 96897 [details]
Patch
The patch moves functionality from a Secure Storage view into a new "Contents" tab on the preference page.
The context menu items are only added if debug/storage debug option is enabled.
Chaging title from "Remove Secure Storage View" to "Move secure storage view into the preference page". Patch applied to CVS Head. |