Opened 3 months ago

Last modified 8 weeks ago

#15334 new task

HaikuBook: document Key/KeyStore API

Reported by: nielx
Owned by: nielx
Priority: normal
Milestone: Unscheduled
Component: Documentation
Version: R1/Development
Keywords: HaikuBook
Cc:
Blocked By:
Blocking:
Has a Patch: no
Platform: All

Description

Change History (6)

comment:1 by waddlesplash, 3 months ago

Milestone: R1/beta2 → Unscheduled

comment:2 by waddlesplash, 3 months ago

The Keystore doesn't encrypt its contents, so I'm not sure we should be advertising it so widely without fixing that...

comment:3 by nielx, 3 months ago

We could make the decision to actively document this decision, like: "Warning: the KeyStore system does not currently encrypt passwords and other data. If your application needs a higher level of security, you will need to use other methods to securely store passwords and other data."

We could also choose to explicitly warn people against using the API.

The third option is to leave it undocumented.

I am leaning toward the first one here.

comment:4 by pulkomandy, 3 months ago

Rather than telling people to use other methods, I would rather tell them to wait until this is implemented, or help fix it (we don't want apps to come up with their own things here, there's a good reason we want to provide an API for this). But yes, not documenting this is the worst thing to do.

It can't be that hard to add a password request and encryption system to the keystore, right?

comment:5 by nielx, 3 months ago

Milestone: Unscheduled → R1/beta2

Putting it back as a goal for R1 beta 2.

It should indeed be made clear that the password is not encrypted, and the convenience is in the API and not in security.

comment:6 by waddlesplash, 8 weeks ago

Milestone: R1/beta2 → Unscheduled