mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

devblog

Browse source
This commit is contained in:
Joey Hess 2014-04-25 16:34:33 -04:00
parent 2adeef61a1
commit 5f521f6952
Failed to extract signature
2 changed files with 13 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
doc/design/assistant/sshpassword.mdwn
View file

@ -25,12 +25,12 @@ code to run ssh-askpass.
* Maybe force upgrade webapp to https? Locally, the risk would be that
root could tcpdump and read password, so not large risk. If webapp
is used remotely, require https.
is being accessed remotely, absolutely: require https.
* Use hs-securemem to store password.
* Avoid storing password for long. Erase it after webapp setup of remote
is complete. Time out after 10 minutes and erase it.
* Prompt using a field name that does not trigger web browser password
saving.
* Prompt using a html field name that does not trigger web browser password
saving if possible.
### ssh-askpass shim, and password forwarding