Opened 7 years ago
Last modified 11 months ago
#4710 new defect
Save passwords in OS keyring
Reported by: | rugk | Owned by: | |
---|---|---|---|
Priority: | If Time Permits | Milestone: | Backlog |
Component: | Multiplayer lobby | Keywords: | security |
Cc: | Patch: |
Description (last modified by )
This is really a low-priority idea, but IMHO it is a nice idea for a FLOSS project. Maybe something for contributors…
Currently you save the password in the config file of 0ad. It is hashed, that is good. However, it can be imroved by using a well-known mechanism for storing password, whcih (nearly) each OS has: Keyrings or Keychains.
So using well-proven/standard techniques you can store the password in the keyrings of KDE/Gnome or Max OS. All, of course, offer APIs for that, but they are likely very different. So maybe it is a long-term goal, but as 0ad is an open-source project I could imagine this being a tiny thing, which can set it apart from the competition, which likely do all crazy things with passwords instead of using the proper™ way… :rolleyes:
BTW, there are even ways to use this on Windows[1][2], but probably that is kind of difficult, so IMHO the focus should be on the Linux/MacOSD implementation if anybody is interested in this.
[1] https://msdn.microsoft.com/en-us/library/aa374731(v=VS.85).aspx#credentials_management_functions
[2] https://stackoverflow.com/questions/442923/windows-equivalent-of-os-x-keychain
[3] https://stackoverflow.com/questions/9221245/how-do-i-store-and-retrieve-credentials-from-the-windows-vault-credential-manage
Change History (2)
comment:1 by , 4 years ago
Description: | modified (diff) |
---|
Using a third-party library which provides a unified cross-platform interface might probably be a good idea to reduce the effort of implementing that. https://github.com/hrantzsch/keychain/ might be an option for that.