[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Review Request: Using KWallet to store Cookies
From: José Millán Soto <fid () gpul ! org>
Date: 2010-10-26 2:01:17
Message-ID: 20101026020117.14793.28029 () vidsolbach ! de
[Download RAW message or body]
> On 2010-08-18 09:02:59, Dawit Alemayehu wrote:
> > In addition to my review below, I have one question for you... Is it re=
ally necessary to have the "StoreWhenWalletNotAvaliable" option ?
I'm really sorry for taking so long to answer you.
I thought I had already answered you, but I didn't realize I forgot to clic=
k the "Publish" button. :(
The main problem is that if the wallet is not available for whatever reason=
, the cookies might be stored in a plain text file without the user even re=
alizing.
So this option is there to allow the user to choose which is the preferred =
option if that happens, either to store the information insecurely or not t=
o store the information at all.
- Jos=C3=A9
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://svn.reviewboard.kde.org/r/4927/#review7077
-----------------------------------------------------------
On 2010-10-26 01:24:01, Jos=C3=A9 Mill=C3=A1n Soto wrote:
> =
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://svn.reviewboard.kde.org/r/4927/
> -----------------------------------------------------------
> =
> (Updated 2010-10-26 01:24:01)
> =
> =
> Review request for kdelibs.
> =
> =
> Summary
> -------
> =
> Currently cookies are stored in a plain text file. This patch allows KCoo=
kieJar to store the cookies securely using KWallet.
> =
> The main problem I had writing this patch was that when a web page is req=
uested, KIO ask for the cookies to kded using dbus. In the first implementa=
tions that I wrote, if the user took too long to open the wallet, KIO recei=
ved a dbus timeout.
> =
> To prevent this, if it takes more than 10 seconds to open the wallet, the=
web page will be requested without sending the cookies (or sending the ava=
ilable cookies if there's still the plain text cookie file). If the wallet =
is opened after that, the cookies stored in the wallet will be available si=
nce then.
> =
> Because of this, the feature is disabled by default.
> =
> =
> Diffs
> -----
> =
> /trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespolicies.cpp 118=
9829 =
> /trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespoliciesdlg.ui 1=
189829 =
> /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.h 1189787 =
> /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.cpp 1189787 =
> /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.h 1189787 =
> /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.cpp 1189787 =
> =
> Diff: http://svn.reviewboard.kde.org/r/4927/diff
> =
> =
> Testing
> -------
> =
> =
> Thanks,
> =
> Jos=C3=A9
> =
>
[Attachment #3 (text/html)]
<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 \
solid;"> <tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="http://svn.reviewboard.kde.org/r/4927/">http://svn.reviewboard.kde.org/r/4927/</a>
</td>
</tr>
</table>
<br />
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: \
10px;"> <p style="margin-top: 0;">On August 18th, 2010, 9:02 a.m., <b>Dawit \
Alemayehu</b> wrote:</p> <blockquote style="margin-left: 1em; border-left: 2px solid \
#d0d0d0; padding-left: 10px;"> <pre style="white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">In addition to my review below, I have one question for you... Is it \
really necessary to have the "StoreWhenWalletNotAvaliable" option ?</pre> \
</blockquote>
</blockquote>
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: \
-pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">I'm really sorry for \
taking so long to answer you. I thought I had already answered you, but I didn't \
realize I forgot to click the "Publish" button. :( The main problem is that \
if the wallet is not available for whatever reason, the cookies might be stored in a \
plain text file without the user even realizing. So this option is there to allow the \
user to choose which is the preferred option if that happens, either to store the \
information insecurely or not to store the information at all.</pre> <br />
<p>- José</p>
<br />
<p>On October 26th, 2010, 1:24 a.m., José Millán Soto wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" \
style="background-image: \
url('http://svn.reviewboard.kde.orgrb/images/review_request_box_top_bg.png'); \
background-position: left top; background-repeat: repeat-x; border: 1px black \
solid;"> <tr>
<td>
<div>Review request for kdelibs.</div>
<div>By José Millán Soto.</div>
<p style="color: grey;"><i>Updated 2010-10-26 01:24:01</i></p>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: \
1px solid #b8b5a0"> <tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">Currently cookies are stored in a plain text file. This patch allows \
KCookieJar to store the cookies securely using KWallet.
The main problem I had writing this patch was that when a web page is requested, KIO \
ask for the cookies to kded using dbus. In the first implementations that I wrote, if \
the user took too long to open the wallet, KIO received a dbus timeout.
To prevent this, if it takes more than 10 seconds to open the wallet, the web page \
will be requested without sending the cookies (or sending the available cookies if \
there's still the plain text cookie file). If the wallet is opened after that, \
the cookies stored in the wallet will be available since then.
Because of this, the feature is disabled by default.</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>/trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespolicies.cpp <span \
style="color: grey">(1189829)</span></li>
<li>/trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespoliciesdlg.ui <span \
style="color: grey">(1189829)</span></li>
<li>/trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.h <span style="color: \
grey">(1189787)</span></li>
<li>/trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.cpp <span style="color: \
grey">(1189787)</span></li>
<li>/trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.h <span style="color: \
grey">(1189787)</span></li>
<li>/trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.cpp <span \
style="color: grey">(1189787)</span></li>
</ul>
<p><a href="http://svn.reviewboard.kde.org/r/4927/diff/" style="margin-left: \
3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic