[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: kio_ftp
From:       Dawit Alemayehu <adawit () earthlink ! net>
Date:       1999-11-06 20:39:28
[Download RAW message or body]

On Sat, 06 Nov 1999, Simon Hausmann wrote:
> Hi,
> 
> I have two suggestions/qestions/comments for kio_ftp:
> 
> 1) Is it OK to save/remember the last entered password?
>    I find it quite annoying to re-enter the password each time I perform
>    an operation on an ftp server I have to authenticate myself.

Well I see a couple of problems with this. Although it is very
convenient,  it is almost always not a good idea to store passwords for
obvious security reasons.  The other problem is if you made a mistake with the
original password and you wanted to retry, you would not be prompted for the
password again.  It would just keep failing.  At least this is what it did/does
in kfm.  However, I think both of these issues are not that difficult to
address.  For storing the password perhaps something along the lines of what
kdesu does can be adapted.  At the moment I do not know exactly how, but it
claims to store your password in a safe manner without encryption IIRC.  It
also allows you to configure the duration a stored password would be valid and
discards it once the timer expires ( I like this feature very much !! ).  The
other issue about errors in entering passwords is largely based on what I know
of kfm, but I simply think this can simply be solved by parsing error messages
and re-requesting the username/password if the server refuses the login.

> 2) Is it OK if we make kio_ftp use kio_http when using an ftp
> proxy?

Hmmm ... this is a good point.  It looks like the ftp_proxy.* files are
directly ported over from KDE 1.1.x.  I think kio_ftp should do the same
thing kio_http is doing since proxy servers authenticate requests the same
way regardless of the protocol involved, you are either allowed to have access
to the service on a particular host or not.  KProrotcolManager already
provides a skeleton functions for setting/getting/using/not using proxy 
information.  The only thing I see missing is the ability to compare whether
a particular host is on the the NoProxy list or not.  In kio_http this is the
sole purpose for the revmatch ( const char*, const char* ) function.  Perhaps it
would be a good idea to move it into KProtocolManager so that other protocols
can make use of it as well.

After this I think it would be a matter of hacking kio_ftp or any other
protocol to handle proxy the way http does.  what do you think ?

Regards,
Dawit A.

[prev in list] [next in list] [prev in thread] [next in thread]