trinity-devel@lists.pearsoncomputing.net

Message: previous - next
Month: December 2011

Re: [trinity-devel] "Keep password" check box restored to kdesu dialog box

From: "Timothy Pearson" <kb9vqf@...>
Date: Sat, 3 Dec 2011 21:48:38 -0600
>> So at it's core this is really a documentation issue.
>> If the dialog box
>> contained a single line stating the application the
>> password is stored for
>> and when the password storage will expire then I would be
>> willing to add
>> the checkbox back.  Poorly defined or unknown/obscure
>> behaviour is not a
>> good thing when dealing with root access ;-)
>
> The application is already stated in the dialog box. However, the text is
> not obvious and tends to just blend with the box. Perhaps the app
> information should be bolded or be more verbose. For example, use KRunner
> to type kdesu kate and this is what appears:
>
> Command: kate
>
> Perhaps that can be changed to:
>
> Command: Run kate as root
>
> I don't remember all the individual source files, but I seem to recall the
> "Keep password" check box widget is in kdelibs while the kdesu dialog box
> is part of kdebase. Any additional "notice" would have to be provided in
> the kdesu dialog box.
>
> Right now the kdesu dialog looks like this:
>
> =======================================
> Run as root - KDE su
> =======================================
> The action you requested needs root
> privileges. Please enter root's
> password below or click Ignore to
> continue with your current privileges.
>
> Command: kate
> Password: _________________
>
> |_| Keep password
>
>          Ignore    OK     Cancel
> =======================================
>
> Perhaps underneath the Keep password widget, only when the user enables
> the check box, the following text appears dynamically:
>
> Keeping the password is good only for
> X hours, only for kate, and only for
> this session.
>
> The duration X is fetched from defaults.h.
>
> If the user does not enable the check box the text does not appear. By
> appearing dynamically, the potential security risk is more obvious. Or the
> warning text could be ghosted when the check box is disabled and unghosted
> when enabled.
>
> Darrell

I like the dynamic-show idea--it does flag it for the sysadmin, and should
be discoverable enough from an interface standpoint.

Tim

powered by ezmlm-www (v1.4.5)