'Re: Review Request: Using KWallet to store Cookies'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Review Request: Using KWallet to store Cookies
From:       José Millán Soto <fid () gpul ! org>
Date:       2010-10-26 1:45:28
Message-ID: 20101026014528.14042.51804 () vidsolbach ! de
[Download RAW message or body]

> On 2010-09-18 07:42:52, Michael Leupold wrote:
> > Regarding the Secret Storage spec and a possible migration to ksecretse=
rvice later-on the storage format should be alright. However, I'd suggest c=
hanging it a little bit for further benefit:
> > =

> > I'd mangle the domain name and the cookie name into the entry key, eg. =
"reviewboard.kde.org|rbsessionid", and store each single cookie as an entry=
. Like this you could avoid saving cookie.name() as map entry keys over and=
 over again. Further development could then easily include loading and stor=
ing cookies "on-the-fly", ie. you could load single cookies without having =
to load the whole domain. For the current use-case there shouldn't be a lot=
 of overhead if you do it like this either.
> > =

> > As I don't know too much about cookies I don't know if it's "the right =
way" though, it just looks cleaner. Maybe someone with more experience coul=
d take a look and comment if that would make sense.

I don't think it could be useful to load a single cookie without loading th=
e rest of the cookies of the domain, as every time an HTTP request is made,=
 all of them are sent to the server.
Moreover, creating a key for each cookie would also require to create anoth=
er key for the domain to avoid trying to open the wallet when no cookies ar=
e needed.


- Jos=C3=A9


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://svn.reviewboard.kde.org/r/4927/#review7675
-----------------------------------------------------------


On 2010-10-26 01:24:01, Jos=C3=A9 Mill=C3=A1n Soto wrote:
> =

> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://svn.reviewboard.kde.org/r/4927/
> -----------------------------------------------------------
> =

> (Updated 2010-10-26 01:24:01)
> =

> =

> Review request for kdelibs.
> =

> =

> Summary
> -------
> =

> Currently cookies are stored in a plain text file. This patch allows KCoo=
kieJar to store the cookies securely using KWallet.
> =

> The main problem I had writing this patch was that when a web page is req=
uested, KIO ask for the cookies to kded using dbus. In the first implementa=
tions that I wrote, if the user took too long to open the wallet, KIO recei=
ved a dbus timeout.
> =

> To prevent this, if it takes more than 10 seconds to open the wallet, the=
 web page will be requested without sending the cookies (or sending the ava=
ilable cookies if there's still the plain text cookie file). If the wallet =
is opened after that, the cookies stored in the wallet will be available si=
nce then.
> =

> Because of this, the feature is disabled by default.
> =

> =

> Diffs
> -----
> =

>   /trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespolicies.cpp 118=
9829 =

>   /trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespoliciesdlg.ui 1=
189829 =

>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.h 1189787 =

>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.cpp 1189787 =

>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.h 1189787 =

>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.cpp 1189787 =

> =

> Diff: http://svn.reviewboard.kde.org/r/4927/diff
> =

> =

> Testing
> -------
> =

> =

> Thanks,
> =

> Jos=C3=A9
> =

>


[Attachment #3 (text/html)]

<html>
 <body>
  <div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
   <table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 \
solid;">  <tr>
     <td>
      This is an automatically generated e-mail. To reply, visit:
      <a href="http://svn.reviewboard.kde.org/r/4927/">http://svn.reviewboard.kde.org/r/4927/</a>
  </td>
    </tr>
   </table>
   <br />





<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: \
10px;">  <p style="margin-top: 0;">On September 18th, 2010, 7:42 a.m., <b>Michael \
Leupold</b> wrote:</p>  <blockquote style="margin-left: 1em; border-left: 2px solid \
#d0d0d0; padding-left: 10px;">  <pre style="white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">Regarding the Secret Storage spec and a possible migration to \
ksecretservice later-on the storage format should be alright. However, I&#39;d \
suggest changing it a little bit for further benefit:

I&#39;d mangle the domain name and the cookie name into the entry key, eg. \
&quot;reviewboard.kde.org|rbsessionid&quot;, and store each single cookie as an \
entry. Like this you could avoid saving cookie.name() as map entry keys over and over \
again. Further development could then easily include loading and storing cookies \
&quot;on-the-fly&quot;, ie. you could load single cookies without having to load the \
whole domain. For the current use-case there shouldn&#39;t be a lot of overhead if \
you do it like this either.

As I don&#39;t know too much about cookies I don&#39;t know if it&#39;s &quot;the \
right way&quot; though, it just looks cleaner. Maybe someone with more experience \
could take a look and comment if that would make sense.</pre>  </blockquote>







</blockquote>

<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: \
-pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">I don&#39;t think it \
could be useful to load a single cookie without loading the rest of the cookies of \
the domain, as every time an HTTP request is made, all of them are sent to the \
server. Moreover, creating a key for each cookie would also require to create another \
key for the domain to avoid trying to open the wallet when no cookies are \
needed.</pre> <br />








<p>- José</p>


<br />
<p>On October 26th, 2010, 1:24 a.m., José Millán Soto wrote:</p>






<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" \
style="background-image: \
url('http://svn.reviewboard.kde.orgrb/images/review_request_box_top_bg.png'); \
background-position: left top; background-repeat: repeat-x; border: 1px black \
solid;">  <tr>
  <td>

<div>Review request for kdelibs.</div>
<div>By José Millán Soto.</div>


<p style="color: grey;"><i>Updated 2010-10-26 01:24:01</i></p>




<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: \
1px solid #b8b5a0">  <tr>
  <td>
   <pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">Currently cookies are stored in a plain text file. This patch allows \
KCookieJar to store the cookies securely using KWallet.

The main problem I had writing this patch was that when a web page is requested, KIO \
ask for the cookies to kded using dbus. In the first implementations that I wrote, if \
the user took too long to open the wallet, KIO received a dbus timeout.

To prevent this, if it takes more than 10 seconds to open the wallet, the web page \
will be requested without sending the cookies (or sending the available cookies if \
there&#39;s still the plain text cookie file). If the wallet is opened after that, \
the cookies stored in the wallet will be available since then.

Because of this, the feature is disabled by default.</pre>
  </td>
 </tr>
</table>





<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">

 <li>/trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespolicies.cpp <span \
style="color: grey">(1189829)</span></li>

 <li>/trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespoliciesdlg.ui <span \
style="color: grey">(1189829)</span></li>

 <li>/trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.h <span style="color: \
grey">(1189787)</span></li>

 <li>/trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.cpp <span style="color: \
grey">(1189787)</span></li>

 <li>/trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.h <span style="color: \
grey">(1189787)</span></li>

 <li>/trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.cpp <span \
style="color: grey">(1189787)</span></li>

</ul>

<p><a href="http://svn.reviewboard.kde.org/r/4927/diff/" style="margin-left: \
3em;">View Diff</a></p>




  </td>
 </tr>
</table>








  </div>
 </body>
</html>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic