[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Moving files from lisp/gnus/ to lisp/net/?
From: |
Richard Stallman |
Subject: |
Re: Moving files from lisp/gnus/ to lisp/net/? |
Date: |
Fri, 02 Nov 2007 11:02:36 -0400 |
Here's what I said about read-passwd and password.el in 2004. Setting
aside what I said about the short term, the main issue seems to be
whether to cache passwords.
Simon, what do you think about this now?
What do others think?
First message:
It occurs to me that paranoid people might be worried about saving
passwords in a cache like this. What do people know about that issue?
The text added to the manual is clear enough. I have some issues
about the substance:
-- Function: read-passwd prompt &optional confirm default
This function reads a password, prompting with PROMPT. It does
not echo the password as the user types it; instead, it echoes `.'
for each character in the password.
This ought to use the cache now, but the text does not say so.
(Later): It looks like all you did was move read-passwd into
password.el without changing it. What I suggested was to integrate
read-passwd into this file--which means, make it use the cache.
There is no sense in moving read-passwd into the new file without
making it use the new file's facilities. That change only causes
password.el to be loaded for programs that don't use the cache.
It provides no benefit.
So if its definition is to remain unchanged, it should stay in subr.el
where it is preloaded. But I would rather see it move to password.el
and *take advantage of the facilities of password.el*.
Can this be done?
-- Function: password-read prompt key
Read a password from the user, using `read-passwd', prompting with
PROMPT. If a password has been stored in the password cache,
using `password-cache-add' on the same KEY, it is returned
directly, without querying the user.
Once read-passwd uses the cache, won't password-read be obsolete?
Why have both password-read and password-read-and-add?
Why not always add? Is the idea that for some purposes
it is ok to cache, but for others it is too risky?
Second message:
Other applications typically ask the user whether they want to
remember the password in memory. If read-passwd is changed to cache
passwords (however, to use the cache, callers of read-passwd must be
updated, to provide the "key" into the hash table), it could ask the
user this. Opinions on this welcome.
Having it always ask would be too annoying, I think. So that would
need to be a new argument, which means the feature is no benefit
unless we change the callers.
That is the wrong thing to do at present. So I think we should put
read-passwd back where it was and remove the new file for now.
Looking ahead to the future,
> Why have both password-read and password-read-and-add?
> Why not always add? Is the idea that for some purposes
> it is ok to cache, but for others it is too risky?
No, the reason was this: if the user entered an incorrect password, it
should not be cached. If an incorrect password is cached, the code
might infloop trying the incorrect password automatically over and
over again. It was considered safer to first read the password, then
try to use it, and if successful then it is cached.
In that case, password-read-and-add makes no sense, right?
Why add a shortcut that in best practice should not be used?
I'm not sure my argument is good, it may be simpler to always cache,
and have the calling code invoke password-cache-remove whenever there
is a password failure.
That is a reasonable alternative, I guess, but then password-read
should add the password and we should not have password-read-and-add
as a separate entry point.
But it doesn't make sense to discuss this without dealing with the
question of whether caching of correct passwords is desirable.
- Re: Moving files from lisp/gnus/ to lisp/net/?,
Richard Stallman <=
- Re: Moving files from lisp/gnus/ to lisp/net/?, Simon Josefsson, 2007/11/05
- Re: Moving files from lisp/gnus/ to lisp/net/?, Richard Stallman, 2007/11/06
- Re: Moving files from lisp/gnus/ to lisp/net/?, Daiki Ueno, 2007/11/06
- Re: Moving files from lisp/gnus/ to lisp/net/?, Richard Stallman, 2007/11/07
- Re: Moving files from lisp/gnus/ to lisp/net/?, Daiki Ueno, 2007/11/07
- Re: Moving files from lisp/gnus/ to lisp/net/?, Richard Stallman, 2007/11/08
- Message not available
- Fwd: Moving files from lisp/gnus/ to lisp/net/?, Daiki Ueno, 2007/11/09
- Message not available
- Message not available
- Re: Moving files from lisp/gnus/ to lisp/net/?, Daiki Ueno, 2007/11/09
- Re: Moving files from lisp/gnus/ to lisp/net/?, Daiki Ueno, 2007/11/10
- Re: Moving files from lisp/gnus/ to lisp/net/?, Stefan Monnier, 2007/11/10