From: Simon Josefsson <jas@extundo.com>
Cc: emacs-devel@gnu.org
Subject: Re: Moving files from lisp/gnus/ to lisp/net/?
Date: Wed, 27 Oct 2004 21:08:28 +0200 [thread overview]
Message-ID: <iluwtxcnfmb.fsf@latte.josefsson.org> (raw)
In-Reply-To: <E1CMlL5-0000ZM-9W@fencepost.gnu.org> (Richard Stallman's message of "Wed, 27 Oct 2004 06:47:35 -0400")
Richard Stallman <rms@gnu.org> writes:
> It occurs to me that paranoid people might be worried about saving
> passwords in a cache like this. What do people know about that issue?
Yes, that is a valid concern. That was one reason I didn't think of
changing the existing read-passwd interface.
Other applications typically ask the user whether they want to
remember the password in memory. If read-passwd is changed to cache
passwords (however, to use the cache, callers of read-passwd must be
updated, to provide the "key" into the hash table), it could ask the
user this. Opinions on this welcome.
> The text added to the manual is clear enough. I have some issues
> about the substance:
>
> -- Function: read-passwd prompt &optional confirm default
> This function reads a password, prompting with PROMPT. It does
> not echo the password as the user types it; instead, it echoes `.'
> for each character in the password.
>
> This ought to use the cache now, but the text does not say so.
>
> (Later): It looks like all you did was move read-passwd into
> password.el without changing it. What I suggested was to integrate
> read-passwd into this file--which means, make it use the cache.
Sorry, I did not get this at first.
> So if its definition is to remain unchanged, it should stay in subr.el
> where it is preloaded. But I would rather see it move to password.el
> and *take advantage of the facilities of password.el*.
>
> Can this be done?
Yes. I'll work on it.
> -- Function: password-read prompt key
> Read a password from the user, using `read-passwd', prompting with
> PROMPT. If a password has been stored in the password cache,
> using `password-cache-add' on the same KEY, it is returned
> directly, without querying the user.
>
> Once read-passwd uses the cache, won't password-read be obsolete?
Yes.
> Why have both password-read and password-read-and-add?
> Why not always add? Is the idea that for some purposes
> it is ok to cache, but for others it is too risky?
No, the reason was this: if the user entered an incorrect password, it
should not be cached. If an incorrect password is cached, the code
might infloop trying the incorrect password automatically over and
over again. It was considered safer to first read the password, then
try to use it, and if successful then it is cached.
I'm not sure my argument is good, it may be simpler to always cache,
and have the calling code invoke password-cache-remove whenever there
is a password failure.
next prev parent reply other threads:[~2004-10-27 19:08 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-15 19:26 Moving files from lisp/gnus/ to lisp/net/? Simon Josefsson
2004-10-15 19:37 ` Simon Josefsson
2004-10-15 23:27 ` Miles Bader
2004-10-16 2:08 ` Ted Zlatanov
2004-10-16 13:52 ` Richard Stallman
2004-10-17 13:45 ` Simon Josefsson
2004-10-18 13:58 ` Richard Stallman
2004-10-24 12:24 ` Simon Josefsson
2004-10-25 13:13 ` Richard Stallman
2004-10-25 14:13 ` Simon Josefsson
2004-10-27 10:47 ` Richard Stallman
2004-10-27 19:08 ` Simon Josefsson [this message]
2004-10-29 4:32 ` Richard Stallman
2004-10-29 21:25 ` Simon Josefsson
2004-11-01 20:09 ` Ted Zlatanov
2004-11-01 20:31 ` Simon Josefsson
2004-11-02 18:30 ` Ted Zlatanov
2004-11-02 21:15 ` Stefan Monnier
2007-11-02 15:02 ` Richard Stallman
2007-11-05 10:16 ` Simon Josefsson
2007-11-06 8:38 ` Richard Stallman
2007-11-06 14:01 ` Daiki Ueno
2007-11-07 7:55 ` Richard Stallman
2007-11-08 0:46 ` Daiki Ueno
2007-11-08 17:40 ` Richard Stallman
[not found] ` <54a15d860711081633k364caf30r3b75464be8a060fa@mail.gmail.com>
2007-11-09 13:40 ` Fwd: " Daiki Ueno
[not found] ` <E1IqbtM-0003DR-P8@fencepost.gnu.org>
2007-11-10 4:53 ` Daiki Ueno
2007-11-10 7:07 ` Daiki Ueno
2007-11-10 20:03 ` Stefan Monnier
2007-11-11 0:04 ` Daiki Ueno
2007-11-11 19:33 ` Richard Stallman
2007-11-12 8:54 ` Daiki Ueno
2007-11-13 5:10 ` Richard Stallman
2007-11-14 3:45 ` Daiki Ueno
2007-11-14 5:44 ` Michael Albinus
2007-11-14 14:54 ` Stefan Monnier
2007-11-14 15:13 ` Michael Albinus
2007-11-14 17:30 ` Stefan Monnier
2007-11-15 3:08 ` Richard Stallman
2007-11-15 3:47 ` Stefan Monnier
2007-11-16 4:28 ` Richard Stallman
2007-11-15 0:23 ` Miles Bader
2007-11-15 3:08 ` Richard Stallman
2007-11-11 5:22 ` Richard Stallman
2007-11-10 19:53 ` Tom Tromey
2004-10-15 20:05 ` Miles Bader
2004-10-15 21:15 ` Simon Josefsson
2004-10-16 7:43 ` Thien-Thi Nguyen
2004-10-16 13:44 ` Miles Bader
2004-10-15 20:44 ` Stefan Monnier
2004-10-15 21:06 ` Simon Josefsson
2004-10-15 21:32 ` Lars Magne Ingebrigtsen
2004-10-15 21:47 ` Simon Josefsson
2004-10-15 21:52 ` Stefan Monnier
2004-10-18 1:04 ` Miles Bader
2004-10-18 13:59 ` Richard Stallman
2004-10-20 10:27 ` Lars Magne Ingebrigtsen
2004-10-20 10:50 ` Miles Bader
2004-10-20 11:22 ` Ralf Angeli
2004-10-20 11:39 ` Ralf Angeli
2004-10-21 1:09 ` Miles Bader
2004-10-20 11:32 ` Lars Magne Ingebrigtsen
2004-10-20 11:56 ` Karl Fogel
2004-10-20 12:38 ` David Kastrup
2004-10-20 13:06 ` Stefan Monnier
2004-10-20 12:34 ` David Kastrup
2004-10-21 1:28 ` Miles Bader
2004-10-21 5:03 ` Lars Magne Ingebrigtsen
2004-10-21 5:49 ` Miles Bader
2004-10-21 10:05 ` Kim F. Storm
2004-10-23 7:48 ` Lars Magne Ingebrigtsen
2004-10-25 1:02 ` Miles Bader
2004-10-25 10:14 ` Simon Josefsson
2004-10-25 17:46 ` Lars Magne Ingebrigtsen
2004-10-25 22:41 ` Miles Bader
2004-10-27 17:21 ` Lars Magne Ingebrigtsen
2004-10-28 2:21 ` Miles Bader
2004-10-26 7:28 ` Kai Grossjohann
2004-10-27 17:21 ` Lars Magne Ingebrigtsen
2004-10-16 13:52 ` Richard Stallman
2004-10-18 17:54 ` Ted Zlatanov
2004-10-18 21:36 ` Reiner Steib
2004-10-21 18:45 ` Ted Zlatanov
2004-10-22 0:25 ` Miles Bader
2004-10-24 12:13 ` Simon Josefsson
2004-10-24 12:20 ` Miles Bader
2004-10-24 13:41 ` Simon Josefsson
2004-10-24 22:18 ` Stefan
2004-10-25 10:08 ` Simon Josefsson
2004-10-25 11:55 ` Stefan
2004-10-25 13:07 ` Simon Josefsson
2004-10-26 9:05 ` Richard Stallman
2004-10-26 9:26 ` Simon Josefsson
2004-10-19 16:45 ` Richard Stallman
2004-10-21 18:45 ` Ted Zlatanov
2004-10-23 4:49 ` Richard Stallman
2004-10-24 12:59 ` Simon Josefsson
2004-10-24 13:05 ` Move sha1.el and hex-util.el from lisp/gnus/ to lisp/net/ (was: Re: Moving files from lisp/gnus/ to lisp/net/?) Simon Josefsson
2004-10-25 13:13 ` Richard Stallman
2004-10-25 14:23 ` Move sha1.el and hex-util.el from lisp/gnus/ to lisp/net/ Simon Josefsson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=iluwtxcnfmb.fsf@latte.josefsson.org \
--to=jas@extundo.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).