passwordsafe-devel Mailing List for Password Safe (Page 38)
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
passwordsafe-devel — For developers of Password Safe
You can subscribe to this list here.
| 2002 |
Jan
(2) |
Feb
(1) |
Mar
(4) |
Apr
|
May
(18) |
Jun
(11) |
Jul
|
Aug
(1) |
Sep
|
Oct
(3) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
(67) |
May
(96) |
Jun
(16) |
Jul
(26) |
Aug
(9) |
Sep
(7) |
Oct
(11) |
Nov
|
Dec
(19) |
| 2004 |
Jan
(13) |
Feb
(27) |
Mar
(20) |
Apr
(9) |
May
|
Jun
(1) |
Jul
(5) |
Aug
(47) |
Sep
(12) |
Oct
(2) |
Nov
(5) |
Dec
(21) |
| 2005 |
Jan
(27) |
Feb
(5) |
Mar
(3) |
Apr
(10) |
May
(12) |
Jun
(8) |
Jul
(22) |
Aug
(4) |
Sep
(1) |
Oct
(2) |
Nov
(41) |
Dec
(15) |
| 2006 |
Jan
(17) |
Feb
(15) |
Mar
(14) |
Apr
(3) |
May
(2) |
Jun
(8) |
Jul
(5) |
Aug
|
Sep
(2) |
Oct
(12) |
Nov
(12) |
Dec
(3) |
| 2007 |
Jan
(1) |
Feb
(6) |
Mar
(11) |
Apr
|
May
(35) |
Jun
(4) |
Jul
(4) |
Aug
(2) |
Sep
(6) |
Oct
|
Nov
(2) |
Dec
|
| 2008 |
Jan
|
Feb
(2) |
Mar
|
Apr
(1) |
May
(1) |
Jun
(1) |
Jul
|
Aug
(3) |
Sep
(1) |
Oct
|
Nov
(3) |
Dec
(1) |
| 2009 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
(3) |
May
|
Jun
(2) |
Jul
|
Aug
(4) |
Sep
(1) |
Oct
|
Nov
|
Dec
(2) |
| 2010 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
(2) |
Aug
(1) |
Sep
|
Oct
(2) |
Nov
(3) |
Dec
(14) |
| 2011 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
|
Jun
(8) |
Jul
(3) |
Aug
|
Sep
(3) |
Oct
(2) |
Nov
|
Dec
|
| 2012 |
Jan
(1) |
Feb
(3) |
Mar
|
Apr
(2) |
May
|
Jun
(4) |
Jul
(3) |
Aug
(3) |
Sep
(1) |
Oct
(3) |
Nov
|
Dec
(2) |
| 2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(6) |
Jun
(4) |
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
| 2014 |
Jan
(1) |
Feb
(3) |
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
(3) |
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
(5) |
| 2015 |
Jan
|
Feb
|
Mar
(3) |
Apr
|
May
(1) |
Jun
(2) |
Jul
|
Aug
(1) |
Sep
(1) |
Oct
(4) |
Nov
(1) |
Dec
(2) |
| 2016 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
(3) |
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
(2) |
Dec
|
| 2017 |
Jan
|
Feb
|
Mar
(2) |
Apr
(1) |
May
|
Jun
(2) |
Jul
(1) |
Aug
(1) |
Sep
(1) |
Oct
(1) |
Nov
|
Dec
|
| 2018 |
Jan
(3) |
Feb
|
Mar
(1) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(2) |
Sep
(1) |
Oct
(2) |
Nov
(1) |
Dec
(1) |
| 2019 |
Jan
(1) |
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(3) |
Aug
|
Sep
(1) |
Oct
(9) |
Nov
|
Dec
(2) |
| 2020 |
Jan
|
Feb
|
Mar
(2) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
(1) |
Oct
(2) |
Nov
|
Dec
|
| 2021 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(1) |
Oct
(1) |
Nov
|
Dec
(2) |
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
(1) |
| 2023 |
Jan
(2) |
Feb
(1) |
Mar
|
Apr
|
May
(8) |
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
(2) |
Dec
|
| 2024 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
(2) |
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
|
| 2025 |
Jan
|
Feb
|
Mar
(2) |
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: John B. <joh...@ps...> - 2003-04-24 11:56:51
|
Rony, on 24 Apr 2003 at 13:34, you wrote: > Andrew Mullican has taken the lead on portability issues. I think the first > changes will be to refactor the code to support portability (i.e., the > Bridge pattern). If you'll follow the devel mailing list, you should see the > announcement when Andrew finishes this, at which time it would make sense > for you to pitch in for a PalmOS version (although I think you can start on > the hotsync side independantly?). > > Let me know if and how you'd like to participate. It's been more than a year since I've looked at the source code, and in the meantime I *still* haven't had the time to come up to speed on developing for the PalmOS. (I'm a PC & web developer but so far only a *user* of the PalmOS.) So I think it's appropriate that I use the refactoring time to assess how much "free" time I will have and whether I should take the responsibility for the hotsync design and implementation. If we have someone else on the team who has already developed for the PalmOS and who already understands what it takes to build a hotsync conduit, I think it would be appropriate for them to take the lead on this issue... I would be happy to contribute code under their lead. If no one else steps forward, then I will try to take the lead on the issue at the appropriate time, just so it gets done. Hopefully this is the most rational approach! regards to all, -- john baldwin |
|
From: Rony S. <ro...@gm...> - 2003-04-24 10:34:58
|
*** Thanks Gregg! *** I'l remove the Todo page from the project site shortly. Rony -----Original Message----- From: pas...@li... [mailto:pas...@li...]On Behalf Of gregg conklin Sent: Thursday, April 24, 2003 3:13 AM To: pas...@li... Subject: [Passwordsafe-devel] todo.html migration The migration is complete. Listed below is the old item number, followed by the corresponding items in the sf.net database. In some cases, more than one user had requested the same feature. Except for a few cases where I created some duplicates, I tried to locate an item in the sf.net database similar to the item in todo.html. As a developer, I don't have much control over the sf.net bugs and RFEs, so I could only create new items or add comments to the existing ones, which i did for everything below. Below are the details of the migration. Request For Enhancements (RFE) ------------------------------ old new desc --- --- ---- 1 726463 Create installer 5 726464,576941,661200 Database merge 6 726465 Open DB by dragging 7 726467 Update help file (no help source) 14 726476 Resizable window 15 726481 Column view 16 726482,618259 Command line open DB 18 726487 Clear clipboard button 19 553750 Copy shortcut (ctrl-c) 21 654677 Minimize to tray 22 504086 Export 23 558057 Print 24 524554 File locking 25 639439 Search 26 635046,541928,505540 Configure PW generator 27 726508 Add last modified field 28 564172 Add URL field 29 555440 View entries with a tree 30 726518 Notify of stale password 31 726520 Start app when windows starts 32 726521 Popup app on hot key 33 546621 Easier Access to Username & Password 34 635134 Drag/drop fields to other program 35 726481 Same as 15? column view 36 705515 Maintain password history 37 726583 Always on top 38 550458,550459 Lock (minimize) after timeout 39 726615 Single click password copy Bugs ---- old new desc --- --- ---- 9 726616 Large DB 10 726617 Clicking one entry brings up another 11 726620 Clear text username 12 726621 Clear text password ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Passwordsafe-devel mailing list Pas...@li... https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel |
|
From: Rony S. <ro...@gm...> - 2003-04-24 10:34:53
|
Hi John,
Thanks for your comments - This is what I had in mind when I wrote that the
merge would be tricky - not the code, but presenting the collisions to the
user in a clear and logical way.
Andrew Mullican has taken the lead on portability issues. I think the first
changes will be to refactor the code to support portability (i.e., the
Bridge pattern). If you'll follow the devel mailing list, you should see the
announcement when Andrew finishes this, at which time it would make sense
for you to pitch in for a PalmOS version (although I think you can start on
the hotsync side independantly?).
Let me know if and how you'd like to participate.
Cheers,
Rony
-----Original Message-----
From: pas...@li...
[mailto:pas...@li...]On Behalf Of John
Baldwin
Sent: Wednesday, April 23, 2003 7:46 PM
To: pas...@li...
Subject: RE: [Passwordsafe-devel] Short term tasks
Hi folks.
I originally signed on board to help with PalmOS portability. (I'd like to
eventually see a Palm
version hotsyncable to the desktop copy.)
Just a short comment regarding Gregg's comments:
> for #5, a collision check could be done and a number appended to entries
> that were the same. in the end, it would be up to the user to
> delete/rename them. the appended number would make them unique, but also
> keep them grouped together. we could also append the notes section to say
> which file a particular entry came from.
I think this should be an option for the user to choose.
The program should do a pre-scan to see how many collisions will happen. It
should inform
the user of the collision count and maybe give details on the first 2-3.
The user should have
the options of:
a) Overwrite copy "1" with copy "2" for this collision only, and continue
asking
b) Overwrite copy "2" with copy "1" for this collision only, and continue
asking
c) Overwrite all remaining collisions in copy "1" with copy "2"
d) Overwrite all remaining collisions in copy "2" with copy "1"
e) Make unique "split" (as Gregg described above), for this collision only,
and continue asking
f) Make unique "splits" for all remaining collisions
g) Discontinue the merge
For each collision (until the user issues one of the "do all" options), the
details of each
collision should be shown.
* * *
This scheme is very similar to the behavior you see when merging two
directories of files in
many file management utilities. I think it would be intuitive to operate,
and would allow every
user to have the exact behavior they desire, every time.
I think it would also save the user some effort:
* I might choose option (c) if I know I am updating a master list with an
update list I carry on
my laptop. (I didn't have to manually edit the splits.)
* I might choose option (e) if I am merging two dissimilar password
databases and don't
expect any collisions. I might go to option (f) if there turned out to be
many collisions. Or I
might use (g) and rethink my strategy.
I hope my comments are worth more than...
Just my $0.02 worth,
-- john baldwin
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Passwordsafe-devel mailing list
Pas...@li...
https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel
|
|
From: Edward Q. <equ...@be...> - 2003-04-24 05:51:49
|
hi all- sorry this took so long and i hope i havent help anyone up. had a bug and cvs issues. here are changes to make password safe a resizable app (size and position remembered) with a multi-column, sortable, display that can show passwords if so desired. i do have one issue that i have narrowed down to the display updates for the status bar. the status bar function calls would comletely invalidated the stack in release mode only. i will look to correct this over the weekend, but for now, updates are currently disabled for the status bar and a static message is displayed. gregg, nice work organizing the old and new todo lists. the changes i have submited should address old items 14, 15, & 35. should i make the corresponding updates in the list? rony, i finally got everything checked in, so you can toss the source files i sent you. sorry for bothering you with that. andrew, welcome! talk with everyone soon, eq |
|
From: gregg c. <gr...@ga...> - 2003-04-24 01:12:40
|
The migration is complete. Listed below is the old item number, followed by the corresponding items in the sf.net database. In some cases, more than one user had requested the same feature. Except for a few cases where I created some duplicates, I tried to locate an item in the sf.net database similar to the item in todo.html. As a developer, I don't have much control over the sf.net bugs and RFEs, so I could only create new items or add comments to the existing ones, which i did for everything below. Below are the details of the migration. Request For Enhancements (RFE) ------------------------------ old new desc --- --- ---- 1 726463 Create installer 5 726464,576941,661200 Database merge 6 726465 Open DB by dragging 7 726467 Update help file (no help source) 14 726476 Resizable window 15 726481 Column view 16 726482,618259 Command line open DB 18 726487 Clear clipboard button 19 553750 Copy shortcut (ctrl-c) 21 654677 Minimize to tray 22 504086 Export 23 558057 Print 24 524554 File locking 25 639439 Search 26 635046,541928,505540 Configure PW generator 27 726508 Add last modified field 28 564172 Add URL field 29 555440 View entries with a tree 30 726518 Notify of stale password 31 726520 Start app when windows starts 32 726521 Popup app on hot key 33 546621 Easier Access to Username & Password 34 635134 Drag/drop fields to other program 35 726481 Same as 15? column view 36 705515 Maintain password history 37 726583 Always on top 38 550458,550459 Lock (minimize) after timeout 39 726615 Single click password copy Bugs ---- old new desc --- --- ---- 9 726616 Large DB 10 726617 Clicking one entry brings up another 11 726620 Clear text username 12 726621 Clear text password |
|
From: gregg c. <gr...@ga...> - 2003-04-23 19:29:47
|
thanks for the input john. i like your options and will incorporate them when i work on this item. -gregg At 01:46 PM 4/23/2003 -0400, you wrote: >Hi folks. > >I originally signed on board to help with PalmOS portability. (I'd like >to eventually see a Palm >version hotsyncable to the desktop copy.) > >Just a short comment regarding Gregg's comments: > > > for #5, a collision check could be done and a number appended to entries > > that were the same. in the end, it would be up to the user to > > delete/rename them. the appended number would make them unique, but also > > keep them grouped together. we could also append the notes section to say > > which file a particular entry came from. > >I think this should be an option for the user to choose. > >The program should do a pre-scan to see how many collisions will >happen. It should inform >the user of the collision count and maybe give details on the first >2-3. The user should have >the options of: > >a) Overwrite copy "1" with copy "2" for this collision only, and continue >asking >b) Overwrite copy "2" with copy "1" for this collision only, and continue >asking >c) Overwrite all remaining collisions in copy "1" with copy "2" >d) Overwrite all remaining collisions in copy "2" with copy "1" >e) Make unique "split" (as Gregg described above), for this collision >only, and continue asking >f) Make unique "splits" for all remaining collisions >g) Discontinue the merge > >For each collision (until the user issues one of the "do all" options), >the details of each >collision should be shown. > >* * * > >This scheme is very similar to the behavior you see when merging two >directories of files in >many file management utilities. I think it would be intuitive to operate, >and would allow every >user to have the exact behavior they desire, every time. > >I think it would also save the user some effort: > * I might choose option (c) if I know I am updating a master list with > an update list I carry on >my laptop. (I didn't have to manually edit the splits.) > * I might choose option (e) if I am merging two dissimilar password > databases and don't >expect any collisions. I might go to option (f) if there turned out to be >many collisions. Or I >might use (g) and rethink my strategy. > > >I hope my comments are worth more than... > >Just my $0.02 worth, > -- john baldwin > >_______________________________________________ >Passwordsafe-devel mailing list >Pas...@li... >https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel |
|
From: John B. <joh...@ps...> - 2003-04-23 17:46:55
|
Hi folks.
I originally signed on board to help with PalmOS portability. (I'd like to eventually see a Palm
version hotsyncable to the desktop copy.)
Just a short comment regarding Gregg's comments:
> for #5, a collision check could be done and a number appended to entries
> that were the same. in the end, it would be up to the user to
> delete/rename them. the appended number would make them unique, but also
> keep them grouped together. we could also append the notes section to say
> which file a particular entry came from.
I think this should be an option for the user to choose.
The program should do a pre-scan to see how many collisions will happen. It should inform
the user of the collision count and maybe give details on the first 2-3. The user should have
the options of:
a) Overwrite copy "1" with copy "2" for this collision only, and continue asking
b) Overwrite copy "2" with copy "1" for this collision only, and continue asking
c) Overwrite all remaining collisions in copy "1" with copy "2"
d) Overwrite all remaining collisions in copy "2" with copy "1"
e) Make unique "split" (as Gregg described above), for this collision only, and continue asking
f) Make unique "splits" for all remaining collisions
g) Discontinue the merge
For each collision (until the user issues one of the "do all" options), the details of each
collision should be shown.
* * *
This scheme is very similar to the behavior you see when merging two directories of files in
many file management utilities. I think it would be intuitive to operate, and would allow every
user to have the exact behavior they desire, every time.
I think it would also save the user some effort:
* I might choose option (c) if I know I am updating a master list with an update list I carry on
my laptop. (I didn't have to manually edit the splits.)
* I might choose option (e) if I am merging two dissimilar password databases and don't
expect any collisions. I might go to option (f) if there turned out to be many collisions. Or I
might use (g) and rethink my strategy.
I hope my comments are worth more than...
Just my $0.02 worth,
-- john baldwin
|
|
From: Edward E. <pas...@ed...> - 2003-04-23 05:45:08
|
Hello all - My involvement with Passwordsafe has been minimal to say the least. My only contribution was to suggest a safer alternative to the original secure string class, way back when the project first appeared on SourceForge. I don't know if the changes were ever made (I never touched the code), but in my posts to the mailing list I mentioned an article I wrote on secure STL containers. I just wanted to let everyone know that article has been published (finally!) in the May 2003 issue of C/C++ User's Journal. The latest source code is available for download at http://www.eddeye.net/src/secalloc.html The included documentation and examples are enough to figure out how to use it, but I would recommend reading the article to learn about the gotchas and determine if it's suitable for use in PasswordSafe. Anyway that's it for me. I'm unsubscribing from the list and leaving the project (at least, that's what I would say if I'd ever actually been a part of the project :). If anyone wants to contact me, please email the user 'secalloc' at the domain in the above url. Edward |
|
From: gregg c. <gr...@ga...> - 2003-04-23 05:31:13
|
hey rony- for #5, a collision check could be done and a number appended to entries that were the same. in the end, it would be up to the user to delete/rename them. the appended number would make them unique, but also keep them grouped together. we could also append the notes section to say which file a particular entry came from. for #24, there were a number of requests to prevent multiple write access to the db. i was thinking of putting a write lock on the file so no other instances could write, but could do a read. this would prevent lost changes due to multiple people updating the same file. in doing this, i would redesign how/where file io is done and move it to it's own module to help with porting. i can do the data entry from the html to the sf.net tools. i won't pull across the ones already marked done. i'll update this list when complete and give the new reference numbers. are any of the items i listed possibly in edward's code that's about to be checked in? -gregg At 07:07 AM 4/23/2003 +0200, you wrote: >Hi Gregg, > >5 seems a bit tricky, mainly because you need to check for uniqueness of >names for entries, and handle duplicates somehow (user intervention). 24 >seems a bit against the "spirit" of the application as a single-user >application. 21, 37 and 38 should be configurable by the user via the >Options dialog box, I think. Other than that, I don't think there are any >constraints. > >I agree on moving from the todo list to Bugs & RFE - would you like to do >the migration? > >Thanks for the hint on WinCVS - that's probably my problem. > > Cheers, > > Rony > >-----Original Message----- >From: pas...@li... >[mailto:pas...@li...]On Behalf Of gregg >conklin >Sent: Tuesday, April 22, 2003 11:29 PM >To: pas...@li... >Subject: Re: [Passwordsafe-devel] Short term tasks > > >pending item 15, i can look at: > >5: Allow two databases to be merged (if the user enters both passwords). >18: Add a button on the toolbar to clear the clipboard >19: Control-C (copy) in edit fields >21: Minimize to system tray >24: Concurrent access (across network) >37: Always on top option >38: Minimize (lock) app when idle > >Any particular order I should look at these? Or are there some other items >that should be addressed first? > >I think we should migrate from the html todo list to the Bugs and RFE >sections of sf.net. It can track who is assigned to what, and items can be >marked as Open, Closed, Pending, etc. Plus, the community can comment on >aspects of a particular entry. > >I haven't tested committing yet, but I read one possible problem that could >happen-- checking the files out as anonymous, and then trying to check >them in as a user. The solution was to check out as the same user you >would check in as. (I'm using putty and cvs from www.cvshome.org) > >-gregg > >At 08:00 AM 4/22/2003 +0200, you wrote: > >Hi, > > > >OK, so here's what I see lined up for the next (1.9.1?) release: > > > >- Main dialog resizeable [#14] (eq) > > > >- Columnar table control [#15] (eq - did you do this already? If not, >Gregg) > > > >- Search function [#25] (ronys) > > > >- Filename of password database accepted as command line argument [#16] > >(ronys - done & in CVS) > > > >Looking back on my emails, I see that Edward wrote me that he's already >done > >Todo #15 (we should have moved to the mailing list sooner) - If this is the > >case, (1) My apologies for mis-management (2) anything else you'd like to > >do, Gregg? > > > >I've checked in some changes yesterday that are based around making the > >CMyString::m_mystring data member private (a) good software engineering > >practice in general, (b) more important, as a first step towards making the > >CMyString class implemented by the STL string class. > > > >BTW - I can't get WinCVS to commit (I'm doing it with Cygwin's CVS & ssh) - > >if any of you got it working, I'll be glad to learn how you did it... > > > > Cheers, > > > > Rony > > > > > >------------------------------------------------------- >This sf.net email is sponsored by:ThinkGeek >Welcome to geek heaven. >http://thinkgeek.com/sf >_______________________________________________ >Passwordsafe-devel mailing list >Pas...@li... >https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel |
|
From: <mul...@in...> - 2003-04-23 04:27:20
|
Hi, guys! Rony's added me to the project. My main task will be to work on portability issues. I'm glad to be aboard! -Andy |
|
From: Rony S. <ro...@gm...> - 2003-04-23 04:07:16
|
Hi Gregg, 5 seems a bit tricky, mainly because you need to check for uniqueness of names for entries, and handle duplicates somehow (user intervention). 24 seems a bit against the "spirit" of the application as a single-user application. 21, 37 and 38 should be configurable by the user via the Options dialog box, I think. Other than that, I don't think there are any constraints. I agree on moving from the todo list to Bugs & RFE - would you like to do the migration? Thanks for the hint on WinCVS - that's probably my problem. Cheers, Rony -----Original Message----- From: pas...@li... [mailto:pas...@li...]On Behalf Of gregg conklin Sent: Tuesday, April 22, 2003 11:29 PM To: pas...@li... Subject: Re: [Passwordsafe-devel] Short term tasks pending item 15, i can look at: 5: Allow two databases to be merged (if the user enters both passwords). 18: Add a button on the toolbar to clear the clipboard 19: Control-C (copy) in edit fields 21: Minimize to system tray 24: Concurrent access (across network) 37: Always on top option 38: Minimize (lock) app when idle Any particular order I should look at these? Or are there some other items that should be addressed first? I think we should migrate from the html todo list to the Bugs and RFE sections of sf.net. It can track who is assigned to what, and items can be marked as Open, Closed, Pending, etc. Plus, the community can comment on aspects of a particular entry. I haven't tested committing yet, but I read one possible problem that could happen-- checking the files out as anonymous, and then trying to check them in as a user. The solution was to check out as the same user you would check in as. (I'm using putty and cvs from www.cvshome.org) -gregg At 08:00 AM 4/22/2003 +0200, you wrote: >Hi, > >OK, so here's what I see lined up for the next (1.9.1?) release: > >- Main dialog resizeable [#14] (eq) > >- Columnar table control [#15] (eq - did you do this already? If not, Gregg) > >- Search function [#25] (ronys) > >- Filename of password database accepted as command line argument [#16] >(ronys - done & in CVS) > >Looking back on my emails, I see that Edward wrote me that he's already done >Todo #15 (we should have moved to the mailing list sooner) - If this is the >case, (1) My apologies for mis-management (2) anything else you'd like to >do, Gregg? > >I've checked in some changes yesterday that are based around making the >CMyString::m_mystring data member private (a) good software engineering >practice in general, (b) more important, as a first step towards making the >CMyString class implemented by the STL string class. > >BTW - I can't get WinCVS to commit (I'm doing it with Cygwin's CVS & ssh) - >if any of you got it working, I'll be glad to learn how you did it... > > Cheers, > > Rony > |
|
From: gregg c. <gr...@ga...> - 2003-04-22 21:28:49
|
pending item 15, i can look at: 5: Allow two databases to be merged (if the user enters both passwords). 18: Add a button on the toolbar to clear the clipboard 19: Control-C (copy) in edit fields 21: Minimize to system tray 24: Concurrent access (across network) 37: Always on top option 38: Minimize (lock) app when idle Any particular order I should look at these? Or are there some other items that should be addressed first? I think we should migrate from the html todo list to the Bugs and RFE sections of sf.net. It can track who is assigned to what, and items can be marked as Open, Closed, Pending, etc. Plus, the community can comment on aspects of a particular entry. I haven't tested committing yet, but I read one possible problem that could happen-- checking the files out as anonymous, and then trying to check them in as a user. The solution was to check out as the same user you would check in as. (I'm using putty and cvs from www.cvshome.org) -gregg At 08:00 AM 4/22/2003 +0200, you wrote: >Hi, > >OK, so here's what I see lined up for the next (1.9.1?) release: > >- Main dialog resizeable [#14] (eq) > >- Columnar table control [#15] (eq - did you do this already? If not, Gregg) > >- Search function [#25] (ronys) > >- Filename of password database accepted as command line argument [#16] >(ronys - done & in CVS) > >Looking back on my emails, I see that Edward wrote me that he's already done >Todo #15 (we should have moved to the mailing list sooner) - If this is the >case, (1) My apologies for mis-management (2) anything else you'd like to >do, Gregg? > >I've checked in some changes yesterday that are based around making the >CMyString::m_mystring data member private (a) good software engineering >practice in general, (b) more important, as a first step towards making the >CMyString class implemented by the STL string class. > >BTW - I can't get WinCVS to commit (I'm doing it with Cygwin's CVS & ssh) - >if any of you got it working, I'll be glad to learn how you did it... > > Cheers, > > Rony > > > >------------------------------------------------------- >This sf.net email is sponsored by:ThinkGeek >Welcome to geek heaven. >http://thinkgeek.com/sf >_______________________________________________ >Passwordsafe-devel mailing list >Pas...@li... >https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel |
|
From: Rony S. <ro...@gm...> - 2003-04-22 05:00:39
|
Hi, OK, so here's what I see lined up for the next (1.9.1?) release: - Main dialog resizeable [#14] (eq) - Columnar table control [#15] (eq - did you do this already? If not, Gregg) - Search function [#25] (ronys) - Filename of password database accepted as command line argument [#16] (ronys - done & in CVS) Looking back on my emails, I see that Edward wrote me that he's already done Todo #15 (we should have moved to the mailing list sooner) - If this is the case, (1) My apologies for mis-management (2) anything else you'd like to do, Gregg? I've checked in some changes yesterday that are based around making the CMyString::m_mystring data member private (a) good software engineering practice in general, (b) more important, as a first step towards making the CMyString class implemented by the STL string class. BTW - I can't get WinCVS to commit (I'm doing it with Cygwin's CVS & ssh) - if any of you got it working, I'll be glad to learn how you did it... Cheers, Rony |
|
From: Rony S. <ro...@gm...> - 2003-04-17 08:03:12
|
Hi, This is to formally announce that passwordsafe now has a new project administrator. It's been a year, almost to the day, since Jim Russell last actively maintained the project. All attempts to reach him via the Internet have failed. I hope all is well with him, and would like to thank him for the fine work he's done in bringing passwordsafe from Bruce Schneier's CounterPane Labs to SourceForge. I've been using PasswordSafe for quite a while now, and as a developer, I'm itching to add new features and enhance it, as well as port it to other platforms. Anyone who wants to contribute is more than welcome! Thanks, Rony Shapiro mailto:ro...@us... |
|
From: <dtw...@mm...> - 2002-10-21 16:50:13
|
Make sure you have downloaded and installed MS's HTML Help toolkit. If that doesn't help, send in a small snippet of the errors to help us get an idea what might be wrong. -Derek So, I checkedout latest CVS versions and I'm trying to build it with Visual C++ 6.0. It's not going well. I created a blank workspace/project and added all appropriate files to said project. However, hitting 'build' yields many errors, not the executable I was expecting. Before going into excruciating detail as to the exact details behind my errors can anyone throw out a guess as to something obviously stupid that I've missed? -- Robert Trace (rt...@qw...) ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Passwordsafe-devel mailing list Pas...@li... https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel |
|
From: Robert T. <rt...@qw...> - 2002-10-18 07:18:40
|
So, I checkedout latest CVS versions and I'm trying to build it with Visual C++ 6.0. It's not going well. I created a blank workspace/project and added all appropriate files to said project. However, hitting 'build' yields many errors, not the executable I was expecting. Before going into excruciating detail as to the exact details behind my errors can anyone throw out a guess as to something obviously stupid that I've missed? -- Robert Trace (rt...@qw...) |
|
From: Laurent S. <ls...@ta...> - 2002-10-01 17:05:43
|
I just opened a new bug (617062) in SourceForge Bugs Tracker. I get some "Application error" when trying to open my password database. My last backup is just old enough for me to have a strong incentive to help solve this bug :-) PasswordSafe is currently for me a daily working tool ! First, I would like to build and debug on my system. Does any-one have a working VC++ .NET project file ? I spent some times trying to make one without success until now. Apparently the provided makefile does not work with "nmake" and I still get hundreds of compilations errors after a couple of hours tweaking a new project file. |
|
From: Michael Q. <mq...@ma...> - 2002-08-03 22:41:44
|
Line 21, m_nImageID == -1; should be m_nImageID = -1; --- Michael A. Quinlan |
|
From: Steve L. <st...@is...> - 2002-06-25 18:00:28
|
----- Original Message ----- From: <pas...@li...> To: <pas...@li...> Sent: Saturday, June 22, 2002 12:21 PM Subject: Passwordsafe-devel digest, Vol 1 #10 - 4 msgs > > > Message: 3 > > Date: Fri, 21 Jun 2002 00:39:06 -0400 > Message: 2 > Date: Sat, 22 Jun 2002 03:32:40 -0400 > From: Edward Elliott <pas...@ed...> > To: pas...@li... > Subject: Re: [Passwordsafe-devel] SecureAllocator > > > Steve Loughran wrote: > > > > 3. My main fear is of laptop hibernation, at the bios level or into a > > hibernation file. The tactic here must be to go into 'erase everything' mode > > when a suspend or hibernate WM_POWER message comes in, but I also recommend > > doing the same thing when the app wakes up; a laptop's 'panic' shutdown can > > hibernate without sending a message out to anything > > Excellent point. If you have ideas or can point me to more > information to implement this feature, I would love to do so. > Quick summary of the onnow api: http://www.iseran.com/Win32/Articles/onnow.html ; including the code snippets needed to add shutdown awareness to your app. If you want details on what notebooks get up to in the field, the most recent study is still my '99 one: The Secret Life of Notebooks http://www.hpl.hp.com/techreports/2000/HPL-2000-21.html presentation: http://www.iseran.com/Steve/notebook_slides.pdf Core findings: even desktop replacement systems get powered off regularly, as they get moved around; often it is while a system off that hardware gets juggled, the lan goes away &c. So when you come back up, you have to be prepared for missing files and the like. Word 2000 adds power but gets it wrong: it wont let you suspend while a network file is open, but all that ends up doing is irritating users who end up pulling the lan card out and running to their meeting with a powered up notebook. Whoever added that feature didnt really understand how mobile users worked. |
|
From: Edward E. <pas...@ed...> - 2002-06-22 07:56:29
|
Noticed one more thing. Steve Loughran wrote: > 4. the only way to really hide this stuff is in a device driver. MS have a > service in winXP for this purpose, but I havent explored it. Are you talking about the Data Protection API in win2k and XP? The keys used to store this data are derived from the user's system password. That's a huge potential weak link, given both the ease of recovering Windows passwords and the generally poor password choices most people make. Also, if an admin resets a user's password, any data he has stored becomes inaccessible (unless of course it was a poorly-chosen password :). But DPAPI isn't really a service. Did you mean the LSA? That service has been around since NT 4 at least, but it's not any better. Check out the book Writing Secure Code from MS Press (ISBN 0-7356-1588-8). It's got great win-specific security tips, and is pretty unbiased for a MS Press book. The authors even admit: "If the data being secured is high-risk...use Windows 9x/ME/CE ONLY if you get an [encryption] key from a user or an external source." In some areas they are a little too trusting, given MS's track record for bad security and cryptography. Still, well worth owning if you plan to do any secure programming in Windows. Ed |
|
From: Edward E. <pas...@ed...> - 2002-06-22 07:37:57
|
Quick addendum: Steve Loughran wrote: > when a suspend or hibernate WM_POWER message comes in, but I also recommend > doing the same thing when the app wakes up; a laptop's 'panic' shutdown can > hibernate without sending a message out to anything 1) Is there a way to detect when the laptop comes back up after such a forced hibernation? 2) There's no need to erase the data from the application's memory when coming out of hibernation. The danger is in the data written to disk. Is there a way to locate the disk sectors the memory was written to on hibernation so we can scrub them? Ed |
|
From: Edward E. <pas...@ed...> - 2002-06-22 07:33:24
|
Steve Loughran wrote: > 1. WinNT guarantees to have zeroed memory before another app asks for it. > But the zeroing can be done in a low priority thread; it can hang around in > unallocated state for some time. I am not sure about the win9x guarantees, > or more importantly, how seriously to take them. Thanks for the info. If NT makes a hard guarantee about clearing memory before realllocating (mind you, that's a big if), my only concerns with data hanging around in memory for a while is the possibility of it getting swapped to disk somehow. The suspend feature you mention is one way. But also, any requests to lock the memory with VirtualLock are surely nullified when the memory is released. I don't see why the system would swap out a page that isn't allocated to any program, but then I'm far from an expert on Windows internals. All in all, it's safer to clear the memory ourselves; a little overkill never hurt :). Anything win9x "guarantees" can be taken as a mild suggestion IMO :). > 2. It's hard to stop memory being paged out. There is an api cal for NT, :: > VirtualLock () that can do it; The app/user needs SE_INC_BASE_PRIORITY_NAME > rights to be able to do this, which makes it not very useful. And its a > no-op on Win9x. According to the MSDN documentation, any process may lock up to its maximum allowed working set size into memory with no special privileges; SE_INC_BASE_PRIORITY_NAME is only needed to lock more than that, assuming you also can't increase your max working set size. On my win2k system the max set size is something like several hundred KB, iirc. Only a small portion of that should actually be used by a process's instruction working set, leaving plenty of memory to lock in a few keys or passwords. Also, I believe memory locked with VirtualLock takes priority, such that explicitly locked memory can cause the instruction working set to be swapped out if there is not enough memory to satisfy both (causing horrible thrashing, but no security vulnerability). Yes it's a no-op on win9x, but who runs secure multi-user code on a 9x box anyway? There's no enforced memory protection, for god's sake. It's like keeping the deed to your house in a gunny sack on the front lawn. > 3. My main fear is of laptop hibernation, at the bios level or into a > hibernation file. The tactic here must be to go into 'erase everything' mode > when a suspend or hibernate WM_POWER message comes in, but I also recommend > doing the same thing when the app wakes up; a laptop's 'panic' shutdown can > hibernate without sending a message out to anything Excellent point. If you have ideas or can point me to more information to implement this feature, I would love to do so. > 4. the only way to really hide this stuff is in a device driver. MS have a > service in winXP for this purpose, but I havent explored it. My understanding agrees with this. A device driver is the only code that can obtain physical memory which the system will not touch. However writing one is a lot of work, and it would have to reimplement access control to ensure each user can only access their own passwords/keys. An interesting possibility, but I'm not convinced there's enough of a threat to make it worthwhile right now. Thanks for all the hard info, Steve! Let's keep this discussion rolling! Ed |
|
From: Steve L. <st...@is...> - 2002-06-22 06:31:12
|
> Message: 3 > Date: Fri, 21 Jun 2002 00:39:06 -0400 > From: Edward Elliott <pas...@ed...> > To: 'PasswordSafe Development' <pas...@li...> > Subject: Re: [Passwordsafe-devel] SecureAllocator > > Nice job, James. > > 3) Clearing memory before releasing it is not the only issue. In > fact, I seem to recall reading somewhere that some Windows OSes zero > out all memory pages that are returned to the system (though I could > be wrong about this). In any case, what worries me more is paging out > of keys and passwords to the swap file, where they can remain on disk > much longer than the lifetime of the program. Some more work to add, > but doable. > 1. WinNT guarantees to have zeroed memory before another app asks for it. But the zeroing can be done in a low priority thread; it can hang around in unallocated state for some time. I am not sure about the win9x guarantees, or more importantly, how seriously to take them. 2. It's hard to stop memory being paged out. There is an api cal for NT, :: VirtualLock () that can do it; The app/user needs SE_INC_BASE_PRIORITY_NAME rights to be able to do this, which makes it not very useful. And its a no-op on Win9x. 3. My main fear is of laptop hibernation, at the bios level or into a hibernation file. The tactic here must be to go into 'erase everything' mode when a suspend or hibernate WM_POWER message comes in, but I also recommend doing the same thing when the app wakes up; a laptop's 'panic' shutdown can hibernate without sending a message out to anything 4. the only way to really hide this stuff is in a device driver. MS have a service in winXP for this purpose, but I havent explored it. -Steve |
|
From: Edward E. <pas...@ed...> - 2002-06-21 05:50:57
|
Thanks for the information. I want to get my code to run on VC7 but I
haven't had a copy to mess around with myself yet. I will fold in
those changes soon.
You can still link/use the allocator without boost threads if you
stick to the single-threaded version. Just pass the NoLocking thread
policy as the LockPolicy parameter to SecureAllocator.
Actually, this will still require linking to Boost threads for the
mutex in PolicyHolder (misc.h); I suppose I should fix that so the
single-threaded version doesn't need Boost threads. In the meantime,
you can comment out line 37 in misc.h:
typename MutexLocking<PolicyHolder<Policy> >::Lock lock;
and change line 27 from
typedef MutexLocking<Policy*>::VolatileType PtrType;
to
typedef Policy* PtrType;
I believe that should eliminate the need to link to Boost, although
you will still need their header files. I should fix that as well.
Thanks!
Edward
James Curran wrote:
> For fun, I ran your code through VC7. It realize a few
> interesting things.
> SecureAllocator::max_size() & SecureAllocator::getAllocate() should be
> const. (I'm kinda curious how that got past VC6). Further, all
> references to
> #if define (_MSC_VER)
> Can be replaced by
> #if defined(_MSC_VER) && _MSC_VER <= 1200
> (ie, if VC6 or earlier)-- except for the one around
> SecureAllocator::allocate(). That still has the bad signature. (Which
> also means that with VC7, you don't need NoSwapHeap.cpp anymore)
>
> I don't have the boost threading library available, so I
> couldn't link the code.
>
> Truth,
> James Curran
>
>
> -----Original Message-----
> From: pas...@li...
> [mailto:pas...@li...] On Behalf Of
> Edward Elliott
> Sent: Friday, June 21, 2002 12:39 AM
> To: 'PasswordSafe Development'
> Subject: Re: [Passwordsafe-devel] SecureAllocator
>
>
> Nice job, James.
>
> First, so this information doesn't get buried in the post, here is the
> link to my SecureAllocator code:
>
> http://www.eddeye.net/src/secalloc.html
>
> It addresses all of the issues below. I have also written a detailed
> article on the design and usage of my allocator, which is currently
> being considered for publication in the C/C++ User's Journal. If anyone
> is interested, I can see about getting you an advance copy of the
> article. Meanwhile, the code is well commented and the readme file
> covers its usage.
>
> Allocators have many subtle issues. I'd just like to make a few
> observations on James's code:
>
> 1) Why subclass std::allocator? Reimplementing all of std::allocator's
> functions can be done in a few lines, and avoids any problems with
> subclassing. Notably, the C++ Standard says if two allocators compare
> equal, they may be used to deallocate each other's memory. When
> std::allocator's operator= is called with your SecureAllocator as an
> argument, this will happen and you lose all the protections. Easy
> enough to fix.
>
> 2) Since you don't reimplement the rebind nested template each allocator
> must provide, SecureAllocator inherits std::allocators. for Whenever a
> container uses rebind to obtain an allocator of a type other than the
> container value type (T), it will obtain a std::allocator and not a
> SecureAllocator. This occurs with every container other than vectors
> and strings; lists, maps, and sets all store values in their own tree or
> node structure type. Again, easy to fix.
>
> 3) Clearing memory before releasing it is not the only issue. In fact,
> I seem to recall reading somewhere that some Windows OSes zero out all
> memory pages that are returned to the system (though I could be wrong
> about this). In any case, what worries me more is paging out of keys
> and passwords to the swap file, where they can remain on disk much
> longer than the lifetime of the program. Some more work to add, but
> doable.
>
> 4) Each STL has its own quirks with regards to allocator usage. For
> example, the STL which ships with MSVC6 calls an (undocumented) method
> in an allocator, _Charalloc, to allocate memory for types other than T
> (the container value type). MSVC doesn't use the rebind template as
> prescribed by the C++ Standard because they haven't implement nested
> templates yet. Easy to fix.
>
> 5) Likewise, the popular STLPort implementation, which I use with MSVC,
> uses some external templated functions to perform rebinding on compilers
> that don't support nested templates (a much cleaner solution than
> Microsoft's hack). If you plan to use the allocator with STLPort, these
> will have to be added.
>
> I might add that in addition to solving these issues, my allocator
> - is well-tested, having been used in several projects for many months
> with success.
> - is cross-platform, having been tested with MSVC and gcc on 32-bit
> Windows, and gcc on linux. it should port easily to any other unix.
> - uses policy classes for easy extensibility.
> - is thread safe.
>
> I leave it to others to decide what use, if any, to make of my code.
>
>
> Edward Elliott
>
> BTW, I apologize for sending several copies of my last post. I was
> having trouble with my mail server and thought the first two submissions
> failed. Nevertheless, I am embarassed by the slipup.
>
>
>
>
> -------------------------------------------------------
> Sponsored by:
> ThinkGeek at http://www.ThinkGeek.com/
> _______________________________________________
> Passwordsafe-devel mailing list Pas...@li...
> https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel
>
>
>
> -------------------------------------------------------
> Sponsored by:
> ThinkGeek at http://www.ThinkGeek.com/
> _______________________________________________
> Passwordsafe-devel mailing list
> Pas...@li...
> https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel
>
|
|
From: James C. <Ja...@No...> - 2002-06-21 05:33:12
|
For fun, I ran your code through VC7. It realize a few
interesting things.
SecureAllocator::max_size() & SecureAllocator::getAllocate() should be
const. (I'm kinda curious how that got past VC6). Further, all
references to
#if define (_MSC_VER)
Can be replaced by
#if defined(_MSC_VER) && _MSC_VER <= 1200
(ie, if VC6 or earlier)-- except for the one around
SecureAllocator::allocate(). That still has the bad signature. (Which
also means that with VC7, you don't need NoSwapHeap.cpp anymore)
I don't have the boost threading library available, so I
couldn't link the code.
Truth,
James Curran
-----Original Message-----
From: pas...@li...
[mailto:pas...@li...] On Behalf Of
Edward Elliott
Sent: Friday, June 21, 2002 12:39 AM
To: 'PasswordSafe Development'
Subject: Re: [Passwordsafe-devel] SecureAllocator
Nice job, James.
First, so this information doesn't get buried in the post, here is the
link to my SecureAllocator code:
http://www.eddeye.net/src/secalloc.html
It addresses all of the issues below. I have also written a detailed
article on the design and usage of my allocator, which is currently
being considered for publication in the C/C++ User's Journal. If anyone
is interested, I can see about getting you an advance copy of the
article. Meanwhile, the code is well commented and the readme file
covers its usage.
Allocators have many subtle issues. I'd just like to make a few
observations on James's code:
1) Why subclass std::allocator? Reimplementing all of std::allocator's
functions can be done in a few lines, and avoids any problems with
subclassing. Notably, the C++ Standard says if two allocators compare
equal, they may be used to deallocate each other's memory. When
std::allocator's operator= is called with your SecureAllocator as an
argument, this will happen and you lose all the protections. Easy
enough to fix.
2) Since you don't reimplement the rebind nested template each allocator
must provide, SecureAllocator inherits std::allocators. for Whenever a
container uses rebind to obtain an allocator of a type other than the
container value type (T), it will obtain a std::allocator and not a
SecureAllocator. This occurs with every container other than vectors
and strings; lists, maps, and sets all store values in their own tree or
node structure type. Again, easy to fix.
3) Clearing memory before releasing it is not the only issue. In fact,
I seem to recall reading somewhere that some Windows OSes zero out all
memory pages that are returned to the system (though I could be wrong
about this). In any case, what worries me more is paging out of keys
and passwords to the swap file, where they can remain on disk much
longer than the lifetime of the program. Some more work to add, but
doable.
4) Each STL has its own quirks with regards to allocator usage. For
example, the STL which ships with MSVC6 calls an (undocumented) method
in an allocator, _Charalloc, to allocate memory for types other than T
(the container value type). MSVC doesn't use the rebind template as
prescribed by the C++ Standard because they haven't implement nested
templates yet. Easy to fix.
5) Likewise, the popular STLPort implementation, which I use with MSVC,
uses some external templated functions to perform rebinding on compilers
that don't support nested templates (a much cleaner solution than
Microsoft's hack). If you plan to use the allocator with STLPort, these
will have to be added.
I might add that in addition to solving these issues, my allocator
- is well-tested, having been used in several projects for many months
with success.
- is cross-platform, having been tested with MSVC and gcc on 32-bit
Windows, and gcc on linux. it should port easily to any other unix.
- uses policy classes for easy extensibility.
- is thread safe.
I leave it to others to decide what use, if any, to make of my code.
Edward Elliott
BTW, I apologize for sending several copies of my last post. I was
having trouble with my mail server and thought the first two submissions
failed. Nevertheless, I am embarassed by the slipup.
-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Passwordsafe-devel mailing list Pas...@li...
https://lists.sourceforge.net/lists/listinfo/passwordsafe-devel
|
13 messages has been excluded from this view by a project administrator.
