On 12/02/2010 04:16 PM, David Woodhouse wrote: > On Thu, 2010-12-02 at 17:53 +0000, David Woodhouse wrote: >> >> Hrm, why not using the *same* 'keyname' string as we're using for the >> TEXT and SELECT cases? There was a reason we included the form->auth_id >> in that key. > > Patch below should do that. But I notice two problems now I look closer. > Thanks David. I appreciated your attention. > Firstly, it's not optional. I think it needs to be; we don't want to > *unconditionally* save the password. Not only for security reasons, but > also because it might be a one-time password. > By optional, you mean a "save password" checkbox in the GUI or a compile-time flag (e.g.: --with-gnome-keyring)? > Secondly, it's saving the password even if the authentication fails. > You'll note that 'remember_gconf_key' doesn't actually set it > immediately; it just *stores* it, and the entry later gets set when the > cookie_obtained() function walks through the ui_data->success_keys list. > If I understood it correctly, in remember_keyring_key() I should only store form_id, name and value in auth_ui_data and actually save them in gnome-keyring inside cookie_obtained() function. Is that correct? > (Third problem was that your patch lacked a Signed-off-by) > Thanks for making me aware of this. I'll add it in the next patch. -- Murilo
