You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by bu...@apache.org on 2006/04/25 12:48:00 UTC
DO NOT REPLY [Bug 39399] New: - [vfs] Display safe and user friendly VFS URLs
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39399>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39399
Summary: [vfs] Display safe and user friendly VFS URLs
Product: Commons
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: VFS
AssignedTo: commons-dev@jakarta.apache.org
ReportedBy: renyedi@yahoo.com
In JCommander we need to display VFS URLs at many places in the GUI. We have two
requirements: hide any password and display user friendly paths where possible.
By user friendly paths we mean not displaying the file:// schema for local files
and showing the path with the platform specific path separator.
So for instance the ftp://user:pass@host.org/ is displayed as
ftp://user@host.org. Also, under Windows, the file://c:/ URL is displayed as c:\
We have a partially working implementation for this feature request which
approaches things in reverse by using regular expression match and replace. This
however is not the preferred way.
I think that such a feature should be part of VFS itself. I would like to
propose two API changes:
1. add the getFriendlyName() to the FileName interface - this method should work
as specified above, except that the string should be internally built rather
than regular expression based
2. change the toString() implementation of FileObject and FileName implementers
in a way that by default no password to be displayed so that no passwords show
up accidentally in log files
Please let me know what do you think about this feature request. The JCommander
team would be glad to provide a patch with the implementation if we can agree on
how to change the interfaces.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 39399] - [vfs] Display safe and user friendly VFS URLs
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39399>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39399
renyedi@yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 39399] - [vfs] Display safe and user friendly VFS URLs
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39399>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39399
------- Additional Comments From mario@ops.co.at 2006-04-25 11:17 -------
Hi!
According to http://wiki.apache.org/jakarta-commons/VfsNext point 3. I'd prefer
a "user authentication api"
This class could be configureable through the FileSystemOptions. I am not sure
about the interface, but it might be something like:
interface AuthenticationHandler
public char[][] authenticate(String url, String[] fields, String[] defaults)
where fields e.g. is "username, password, domain (in case of jsch)"
url is the root url of the fs requesting the information
I am not sure if we should use char[][] as return type, but somewhere on the net
I read that this is the more secure way how to deal with sensitive data as then
you can nullify the array and the data is no longer around waiting for gc.
Even if the used libraries do NOT use the char[] trick we should avoid
introducing discussion about the security model in VFS.
Things like "save my password" should be handled by the AuthenticationHandler.
Todo list:
*) create the AuthenticationHandler interface
*) Add the get/setAuthenticationHandler stuff to FileSystemConfigBuilder
*) skim through VFS and (in case no user/pass is provided by the url) get the
authentication data from the AuthenticationHandler (via FileSystemOptions) when
creating the various clients
You could implement a SWTAuthenticationHandler, SwingAuthenticationHandler,
PAMAuthenticationHandler or whatever your application requires.
With this change the username/password stuff is no longer visible without
changing the FileName handling.
WDYT?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 39399] - [vfs] Display safe and user friendly VFS URLs
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39399>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39399
------- Additional Comments From renyedi@yahoo.com 2006-04-26 11:30 -------
Indeed, the user authentication API would be very useful and I agree with your
approach. It would be a callback mechanism similar to what's available in JCIFS.
But I see this feature request as complementary to that. This is because users
will still be able to specify a URL with username and password (a password which
could easily get into logs).
How about the user friendly display of URLs? Don't you think that this should be
part of VFS itself rather than doing it externally?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 39399] - [vfs] Display safe and user friendly VFS URLs
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39399>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39399
------- Additional Comments From mario@ops.co.at 2006-04-27 14:08 -------
Ok, you are right too.
Adding a getFriendlyName() is fine for me.
Changing toString() on the other hand might be dangerous if someone does
something like this:
String path = fo.toString();
....
VFS.getManager().resolveFile(path)
This will fail then.
I think (hope) a getFriendlyName() is sufficient.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org