BM: Save hostname/password pair for CCs in Manager's configuration file?

[fthomas]

When the core client has set a password for GUI RPCs and the Manager is not started in the client's data directory, the Manager complains that it cannot read the password from the gui_rpc_auth.xml file because it cannot find this file. To still connect to the local client, one needs to select localhost and type in the password at the "Select Computer" dialog. To control the client with a remote Manager, one always has to type in hostname and password at the "Select Computer" dialog.

It would have two advantages if the Manager would save the hostname/password pair entered at the "Select Computer" dialog in its config file. First the Manager would be able to connect to the local client although it wasn't started in the client's data directory and secondly the hostname/password input widgets could complete hostnames and preselect passwords. The only drawback of this proposal is that the passwords probably need to be saved in cleartext in the configuration file.

[Nicolas]

It would have two advantages if the Manager would save the hostname/password pair entered at the "Select Computer" dialog in its config file.

At the user's choice. I'd suggest adding a "Remember this password" checkbox below the password text field. This also lets the user make the manager "forget" a password by selecting the hostname (at this point the manager would auto-fill password) and unchecking the box.

The only drawback of this proposal is that the passwords probably need to be saved in cleartext in the configuration file.

Correct. One-way encryption (hashing) can't be used, there is no way around that unfortunately. The authentication is done with a challenge-response system. Both RPC client and server (the RPC server is the core client; confusing!) need the password in plaintext at some point.

[romw]

storing passwords in clear text is very bad to do.

[fthomas]

But the password is stored cleartext in gui_rpc_auth.cfg too.