Community
Participate
Working Groups
From a post on eclipse.org. It would be good if we supported session only password caching since this would reduce security concerns. Aside from peace of mind for some users, some organizations may have security restrictions against a password being stored on disk. (This in addition to more evident keyring clearing support). ----- Original Message ----- From: "Steve Francisco" <cisco@ca.ibm.com> Newsgroups: eclipse.tools Sent: Monday, October 29, 2001 12:20 AM Subject: Re: Eclipse caching CVS passwords - how to flush ? > I just ran into this myself since it is time for me to change my passwords. In > many companies people are required to change their passwords once or twice a > year. After changing my password on the machine where CVS resides, I get > "can't access the server" error messages when trying to synchronize. Not a > clear indication of why it failed. I thought it was network problems for a > while. It seems like there are many ways to fix this: > a) give an option to not cache it beyond the active session > b) if an access attempt fails, prompt for a password > c) have a "clear password" button on the preferences page > > Has the solution been decided on yet? > > Having to tell people to delete their ./metadata/.keyring file isn't great. It > shines a spotlight on where encrypted passwords are stored. This isn't just an > Eclipse password, but one for accessing a remote system. If someone runs > Eclipse on an insecure network, this file could be snapped up and used to > access secure systems, couldn't it? > > -- Steve
No changes planned for 2.0
Reopening for consideration.
CVS already support session only passwords by keeping them in memory :) The security concerns have been fixed by the following bug 2059. *** This bug has been marked as a duplicate of 2059 ***
