On Sun, Jun 15, 2014 at 9:25 PM, Merlijn van Deen <valhallasw(a)arctus.nl> wrote:
On 15 June 2014 09:19, John Mark Vandenberg
<jayvdb(a)gmail.com> wrote:
We have four sets of cleartext passwords (http & proxy & db), and secrets
such as various API keys and mw cookies and edit tokens.
The passwords are stored in two files in clear text (user-config.py and.
passwd). Other secrets are in cached api files, etc.
I would like to introduce an optional dependency on a library to manage
(some of?) these secrets. The current secret storage would continue to work
correctly.
The keyring package is the obvious candidate. Any objections or
improvements on that?
I'm not completely sure how that would work -- I see how it could work as
alternative to ~/.pywikibot, but it might be problematic for people with
multiple checkouts for different usernames/bots.
user-config.py would still be the place to store account names; only
the passwords would be located somewhere else, in a wallet.
In addition, I'm afraid
this might make the credential storage fairly opaque: you'd need to run some
script to set the password, instead of just editing a config file.
We currently prompt users to enter their wiki account password. We
would do the same if the password is not in the user's wallet, and
then store it in the wallet if requested by the user.
There are also programs like KWallet which provide a nice user
interface for the wallet.
The wallet is shared, so passwords to utilise a wiki account need only
be stored once in order for many applications to reuse it.
.
What's the major advantage over a file with 600
permissions?
Currently the proxy and http passwords are placed in user-config.py ,
which isnt good. That file should be able to be viewed on a computer
with other people watching. IMO that needs to be fixed. And if we
fix that, we may as well look for a solution which covers wiki
passwords/secrets also.
Allowing the backing store to be configurable via keyring will allow
the user to put this information where they feel most comfortable
storing it, and it may be a protected storage and transit system.
Will it prevent
local administrators from accessing the password? (they could also just
sniff the password from the network traffic...)
Not if the traffic is SSL, unless they are NSA.
One last point: I think cached api files should *not*
store passwords. The
exception are the tests, which cache everything to make sure tests run
reasonably fast.
Sorry, you are right - the API call for tokens isnt currently cached,
except by the tests as you mention.
The cookies are kept in pywikibot.lwp
--
John Vandenberg