Author Topic: regex match as URL used for generated password  (Read 25781 times)

Offline nicerobot

  • Jr. Member
  • **
  • Posts: 16
Re: regex match as URL used for generated password
« Reply #15 on: June 25, 2007, 05:28:06 PM »
I edited my post after you replied, - there are actually two FR's - may want to check them both...
I like both. Really, any improvement to grouping and viewing will be nice.

Quote
Ok - but mind if I was why you say it would only come *close* - it seems to me it fulfills all of it, just, as I said, a bit differently than you had originally asked for...
"close" only because it's still not clear to me that your request allows for as much versatility with respect to the value (generated from the url) used in generating the password. In other words, it seems more fixed than I was requesting.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: regex match as URL used for generated password
« Reply #16 on: June 25, 2007, 05:49:40 PM »
Quote
Quote
Ok - but mind if I was why you say it would only come *close* - it seems to me it fulfills all of it, just, as I said, a bit differently than you had originally asked for...
"close" only because it's still not clear to me that your request allows for as much versatility with respect to the value (generated from the url) used in generating the password. In other words, it seems more fixed than I was requesting.
Fair enough - it is more fixed, since it will only use the 'Calculated URL', and this would not be in an editable form.

That said - do you have any really convincing argument as to why having this value be in an editable form would provide any *real* added value? Flexibility for flexibility's sake is not necessarily a 'good thing' - and in fact can create more room for user error/confusion, which I think this would do. As long as it provides the ability to have a unique value for each domain/pattern/entry, it provides the functionality you want (different password for each URL), with no added room for user error.

Ultimately, though, you could make a FR for this to be added to the 'Advanced Security Mode' (which will be the current 'URL Pattern' manager) as an editable field, but I don't know if Eric will be interested in implementing it or not.

Offline nicerobot

  • Jr. Member
  • **
  • Posts: 16
Re: regex match as URL used for generated password
« Reply #17 on: June 25, 2007, 06:17:07 PM »
That said - do you have any really convincing argument as to why having this value be in an editable form would provide any *real* added value? Flexibility for flexibility's sake is not necessarily a 'good thing' - and in fact can create more room for user error/confusion, which I think this would do. As long as it provides the ability to have a unique value for each domain/pattern/entry, it provides the functionality you want (different password for each URL), with no added room for user error.

Ultimately, though, you could make a FR for this to be added to the 'Advanced Security Mode' (which will be the current 'URL Pattern' manager) as an editable field, but I don't know if Eric will be interested in implementing it or not.
I think my examples above showed how the flexibility would be important, at least for me. One ofmy main issues revolves around managing 10+ websites, each has different services: blogs, databases, wikis, admin consoles, ssh, ftp, secure directories, .... So, for example, I would like to create patterns to match the specific parts of the URLs for each of these services and use different components to ensure the passwords don't strictly rely on the same string, and hence produce the same password, for each service. As it stands, I have dozens of accounts, one for each service, with lots and lots of duplication and minor changes to REs and URLs used for password generation.

One example of a benefit to combining many accounts under a single password model is if I chose to change something about these passwords, for example, change the length, I can duplicate one account, make the change and have both accounts available for logging in using the old account, then using the new account for changing the password. As it stands, I generally have at least three, sometimes as many as five or six, PWM accounts to duplicate per "account" if I need to change something about the passwords. So really, I want as few PWM accounts as possible when I'm dealing with accounts in which I only care about the password model. Versatility in the value used to generate passwords is important for this.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: regex match as URL used for generated password
« Reply #18 on: June 25, 2007, 11:17:49 PM »
Quote
I think my examples above showed how the flexibility would be important, at least for me. One of my main issues revolves around managing 10+ websites, each has different services: blogs, databases, wikis, admin consoles, ssh, ftp, secure directories, .... So, for example, I would like to create patterns to match the specific parts of the URLs for each of these services and use different components to ensure the passwords don't strictly rely on the same string, and hence produce the same password, for each service.
<snip>
Ok, I see how this would be valuable, especially the way you are using it (and in fact, I might end up taking advantage of this functionality if it were implemented), and this requirement would be fulfilled by the FR I suggested for the 'Advanced Security Mode' that would result from my proposed change to the current/default Security Mode - but, maybe even better - hmmm... I'm thinking out loud here, so bear that in mind... how about:

1. Implement the FR (made by yours truly) to provide for Separate 'URL Components' for 'When URL Contains' and 'Use This URL' fields

2. Allow the use of regex for the 'Use the following value/string...' field,

3. Redesign the 'Advanced Security Mode' - something like this quick and dirty example - to provide an interface for the new functionality. A comment field could be provided that would show up as a tooltip for as detailed a description of each pattern as desired.

OR, at a minimum...

The simplest/easiest thing to do would be to create an option to use the 'Calculated URL' as the 'Use the following URL...' value for calculating the password - this would at least allow for different password for the different URL patterns...

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: regex match as URL used for generated password
« Reply #19 on: October 22, 2007, 09:14:52 PM »
See http://forums.passwordmaker.org/index.php/topic,1413.new.html

Pattern-based Use the following text to calculate the generated password field

PasswordMaker Forums

Re: regex match as URL used for generated password
« Reply #19 on: October 22, 2007, 09:14:52 PM »

 

anything