#15334 closed task (fixed)
HaikuBook: document Key/KeyStore API
Reported by: | nielx | Owned by: | nielx |
---|---|---|---|
Priority: | normal | Milestone: | R1/beta2 |
Component: | Documentation | Version: | R1/Development |
Keywords: | HaikuBook | Cc: | |
Blocked By: | Blocking: | ||
Platform: | All |
Description
This currently is undocumented.
See:
- https://git.haiku-os.org/haiku/tree/docs/user/app/Key.dox
- https://git.haiku-os.org/haiku/tree/docs/user/app/KeyStore.dox
References:
Change History (9)
comment:1 by , 5 years ago
Milestone: | R1/beta2 → Unscheduled |
---|
comment:2 by , 5 years ago
comment:3 by , 5 years ago
We could make the decision to actively document this decision, like: "Warning: the KeyStore system does not currently encrypt passwords and other data. If you application needs a higher level of security, you will need to use other methods to securely store password and other data."
We could also choose to explicitly warn people against using the API.
The third option is to leave it undocumented.
I am leaning for the first one here.
comment:4 by , 5 years ago
Rather than telling people to use other methods, I would rather tell them to wait until this is implemented, or help fixing it (we don't want app to come up with their own things here, there's a good reason we want to provide an API for this). But yes, not documenting this is the worst thing to do.
It can't be that hard to add a password request and encryption system to the keystore, right?
comment:5 by , 5 years ago
Milestone: | Unscheduled → R1/beta2 |
---|
Putting it back as a goal for R1 beta 2.
It should indeed be made clear that the password is not encrypted, and the convenience is in the API and not in security.
comment:6 by , 5 years ago
Milestone: | R1/beta2 → Unscheduled |
---|
comment:7 by , 5 years ago
Status: | new → in-progress |
---|
Proposed patch on https://review.haiku-os.org/c/haiku/+/2319
comment:9 by , 5 years ago
Milestone: | Unscheduled → R1/beta2 |
---|
Assign tickets with status=closed and resolution=fixed within the R1/beta2 development window to the R1/beta2 Milestone
The Keystore doesn't encrypt its contents, so I'm not sure we should be advertising it so widely without fixing that...