We have moved to a new Sailfish OS Forum. Please start new discussions there.
3

Storeman "secret cookies"

asked 2020-07-03 12:33:47 +0200

defactofactotum gravatar image

updated 2020-07-03 22:10:32 +0200

I get this prompt to authorise secret cookies every time I open storeman. Is there a way to stop it?image description

edit retag flag offensive close delete

Comments

5

You might be better off posting your problem on the Storeman repo at Openrepos, as the author (osetr) is more likely to see it and respond.

Spam Hunter ( 2020-07-03 13:37:47 +0200 )edit
5

Hi, I'm the author of Storeman. Did you faced the issue right after upgrading to 0.1.10? Did you launched Storeman from command line before it?

mentaljam ( 2020-07-03 15:03:59 +0200 )edit

Just for the record, I am seeing the same message. @mentaljam, it happened right after an upgrade a few days ago, and no, I have never launched Storeman from the command line. I hit the "cancel" button and Storeman works fine.

mortenbo ( 2020-07-03 16:09:54 +0200 )edit

@mortenbo, has the notification ever appeared again?

mentaljam ( 2020-07-03 16:12:12 +0200 )edit

@mentaljam, it appears whenever I start Storeman, so it is a persistent problem.

mortenbo ( 2020-07-03 16:48:19 +0200 )edit

1 Answer

Sort by » oldest newest most voted
6

answered 2020-07-03 20:52:31 +0200

mentaljam gravatar image

Starting from v0.1.10, Storeman uses Sailfish Secrets to store authorization data (OpenRepos cookie and token). Optionally the user password can be stored to perform automatic re-login after the authorization expires. Currently, there is no other way to prolong authorization without re-login due to server-side implementation.

Storeman creates a secure storage when first launched. After each time the Sailfish Secrets daemon restart (for example after reboot) the Sailfish OS will request access to the storage when one starts Storeman. Once accepted, the prompt would not be shown until the next reboot.

One can decline the access but then the prompt would be shown each time Storeman starts. As I understand, there is no way to change the prompt text as it is defined by the system service.

The request of the storage access can be disabled in the Storeman's source code. But I don't think it is a good idea as it makes authorization data vulnerable.

edit flag offensive delete publish link more

Comments

4

But can't you suppress the prompt itself? Most users will have no way to make an informed choice as to whether the request should be accepted. And if it is harmless, then why bother the user in the first place? If accepting is always the safest choice, then just accept on behalf of the user.

mortenbo ( 2020-07-03 20:59:49 +0200 )edit
Login/Signup to Answer

Question tools

Follow
6 followers

Stats

Asked: 2020-07-03 12:33:47 +0200

Seen: 929 times

Last updated: Jul 03 '20