Add possibility to remember password for shared databases.#1846
Conversation
5079221 to
b38f020
Compare
| private static final String SHARED_DATABASE_REMEMBER_PASSWORD = "sharedDatabaseRememberPassword"; | ||
|
|
||
| // This {@link Preferences} is used only for things which should not appear in real JabRefPreferences due to security reasons. | ||
| private final Preferences internalPrefs = Preferences.userNodeForPackage(OpenSharedDatabaseDialog.class); |
There was a problem hiding this comment.
Is it possible to use another node for storing? The whole preference tree gets exported. Therefore, this should be located somewhere else @matthiasgeiger
|
Could you use some unique system properties such as the login name, serial number of Windows or something as additional encryption key? - If you use that too, maybe the preferences can be exported completely. As alternative, on Windows, maybe the Windows Credential Store can be used? On Linux, the key store. On Mac? |
|
Maybe this // Edit: Of course it must be outside "/net/sf/jabref" ... ;-) |
| userField.setText(sharedDatabaseUser.get()); | ||
| } | ||
|
|
||
| if (sharedDatabasePassword.isPresent()) { |
There was a problem hiding this comment.
The password should only be set when there is a password available and the checkbox to remember the password is checked so please add && sharedDatabaseRememberPassword.
There was a problem hiding this comment.
See: https://github.com/JabRef/jabref/pull/1846/files#diff-bf287bbdc594ec6ec66a15154e141110R316. If the checkbox is not select the pref is going to be cleared.
|
Only minor coments from me. Once they are done and the conflicts are reseolved, it looks good to me 👍 |
|
Password Hashing is the solution! (It should have come earlier to my mind) |
|
@matthiasgeiger Unfortunately it does not work. I used for testing As another solution we could add |
|
@obraliar I think that the exported key is a remnant of previously saved settings. If you are using windows use Your addition should be placed in |
|
@Siedlerchr There should be a possibility to decrypt the password again as this is going to be sent to DBMS. Could you explain what to do with hashing? |
|
@matthiasgeiger 👍 I'm using Linux (Debian) and there you have to remove |
|
@koppor What about using the MAC address? |
b38f020 to
55de86b
Compare
|
I think the suggestion is now obsolote as exporting the prefs without the password is now possible. Maybe we should add a comment in the help file that the password is saved on the local hard disk - then a user can decide whether he wants to save it or not... Regarding the prefs node: As we want to move the package from "net.sf" to "org" eventually in the future it would be perhaps better to use |
55de86b to
2b94985
Compare
|
@matthiasgeiger I agree cause the safest way is not to use the function "remember password" as this is generally a security gap due to symetric encryption. |
316e94f to
2e700f6
Compare
|
Forget about the Hashing. I didn't think about that you need it in plaintex to send to the db.. |
|
@matthiasgeiger I would nevertheless keep a simple encryption to make it a bit harder to access the password. |
|
@JabRef/developers Could someone look at this PR and possibly merge it in, please? |
f459b5c to
d5fec26
Compare
|
LGTM 👍 |
|
|
||
| public class OpenSharedDatabaseDialog extends JDialog { | ||
|
|
||
| private static final Log LOGGER = LogFactory.getLog(Password.class); |
There was a problem hiding this comment.
Change the class in getLog to the actual class name (OpenSharedDatabaseDialog)
Otherwise logs shows wrong class.
|
Generally good work, if you address the comments, then we can merge it in 👍 |
d5fec26 to
5ae1bfa
Compare
|
|
||
| public class OpenSharedDatabaseDialog extends JDialog { | ||
|
|
||
| protected static final Log LOGGER = LogFactory.getLog(OpenSharedDatabaseDialog.class); |
There was a problem hiding this comment.
Why is the logger protected here?
There was a problem hiding this comment.
Done. Copy & paste from DBMSProcessor 🙈.
5ae1bfa to
2ec2e0d
Compare
- Add checkbox to the open shared database dialog - Add SharedDatabasePreferences - Add password encrypting and decrypting methods - Update localization entries - Reorganize clearing methods for Preferences
- Use username as one operand - Add new parameter to the constructor
- Use CBC and padding - Hash the key before using - Simplify conversion
2ec2e0d to
968e8b1
Compare
968e8b1 to
0a8fc3a
Compare
|
All issues have been fixed. |
* Check integrity edition check * Conflict in Jabref_fr * Changed order Biblatex/Bibtex condition * Create own object * Rename variable * Extract checker to own file * Improved comment * French localization: Jabref_fr: empty strings translated + removal of unused header (#1911) * Remove teamscale findings in the database package (#1577) * Check integrity edition check * Changed order Biblatex/Bibtex condition * Create own object * Rename variable * Mark some methods as deprecated in BibEntry and BibDatabase (#1913) * Mark some methods as deprecated in BibEntry and BibDatabase * Rename getResolvedFieldOrAlias * Use flatmap * Fix location field not exported correctly to office 2007 xml (#1909) * Fix location field not exported to office 2007 xml * Add some test for exporting location and address field Address in xml field is now imported as location add some javadoc * Add possibility to remember password for shared databases. (#1846) * Add possibility to remember password. - Add checkbox to the open shared database dialog - Add SharedDatabasePreferences - Add password encrypting and decrypting methods - Update localization entries - Reorganize clearing methods for Preferences * Change prefs node and add class comment. * Relativate node path for password storage. * Fix LOGGER factory. * Improve password encryption using XOR. - Use username as one operand - Add new parameter to the constructor * Extract method. * Improve exception handling. * Improve password encryption and decryption. - Use CBC and padding - Hash the key before using - Simplify conversion * Fix modifier. Fix conflicts. * Extract checker to own file * Improved comment * Translation of shared (#1919) * Add missing entries in german localization * Resolved conflicts * Some more conflicts de sv * Expressions changed
Issue: #1703. (completition)
Screenshot:
