[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [eclipse-dev] .keyring moved
|
FYI
Passwords are not cached for CVS locations using the SSH2 connection
method. It isn't secure to use the keyring file to store passwords.
Instead, if you don't want to be prompted each time you restart your
workbench configure the Eclipse SSH2 client to use key-pair
authentication. Keys can be generated via the CVS > SSH2 preference page
and then copied to the CVS server.
Cheers,
Jean-Michel
Jeff McAffer/Ottawa/IBM@IBMCA
Sent by: eclipse-dev-admin@xxxxxxxxxxx
01/29/2004 11:08 AM
Please respond to
eclipse-dev@xxxxxxxxxxx
To
eclipse-dev@xxxxxxxxxxx
cc
Subject
Re: [eclipse-dev] .keyring moved
As mentioned in bug https://bugs.eclipse.org/bugs/show_bug.cgi?id=50820,
this addresses a long standing security issue where people exchange
workspaces and unknowingly pass along their passwords.
I understand your points but observe that:
- the vast majority of Eclipse users change workspaces more often than
they change builds.
- having to delete the .config dir is an exception not a design point. As
the bugs are fixed and more cases are handled, this practice will not be
needed/used
Given the security issues and the above points, we feel this is the best
approach. Please annotate the above bug if you have counter
arguments/scenarios.
Jeff
Pascal Rapicault/Ottawa/IBM@IBMCA
Sent by: eclipse-dev-admin@xxxxxxxxxxx
01/29/2004 09:42 AM
Please respond to
eclipse-dev
To
eclipse-dev@xxxxxxxxxxx
cc
eclipse-dev@xxxxxxxxxxx, eclipse-dev-admin@xxxxxxxxxxx
Subject
Re: [eclipse-dev] .keyring moved
That's why you can specify -keyring option.
P.
Daniel Megert <daniel_megert@xxxxxxxxxx>
Sent by: eclipse-dev-admin@xxxxxxxxxxx
01/29/2004 10:35 AM
Please respond to eclipse-dev
To: eclipse-dev@xxxxxxxxxxx
cc:
Subject: Re: [eclipse-dev] .keyring moved
How about moving to a new build (which I do at least once a week)? Will I
now have to enter the passwords again each time?
It also means each time when I have to delete the .config directory (e.g.
because I cannot startup after a crash), I will loose my passwords?
Dani
Pascal Rapicault
<Pascal_Rapicault
@ca.ibm.com> To
Sent by: eclipse-dev@xxxxxxxxxxx
eclipse-dev-admin cc
@eclipse.org
Subject
[eclipse-dev] .keyring moved
29.01.2004 16:17
Please respond to
eclipse-dev@eclip
se.org
Hello,
As a consequence of the introduction of the support for running without a
workspace, and also
to allow people to share workspaces without giving away their passwords,
the .keyring file has been
moved to the .config area. Consequently this provide password sharing
across workspaces.
What does this mean to you:
- if you are opening an existing workspace with a new version of eclipse,
you will be prompted for your passwords and a new .keyring file will be
created into your .config area
- in self host mode you will have to re-enter you pwd every time because
the .config area is recreated everytime by PDE.
Note that you can still specify the -keyring option on the command line.
PaScaL
_______________________________________________
eclipse-dev mailing list
eclipse-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
http://dev.eclipse.org/mailman/listinfo/eclipse-dev
