Details
-
Task
-
Resolution: Unresolved
-
P2: Important
-
None
-
None
-
None
Description
QAuthenticator is fragile and tries to do too many things in one class.
It should be split up something like this:
QAuthenticator - keep the public class, but just become a value type for passing credentials around. (should become implicitly sharable again)
QAuthenticationProvider - abstract base class with functions for calculating authentication responses
QAuthenticationProviderBasic - the "basic" scheme of http (password encoded but not encrypted or hashed)
QAuthenticationProviderPlaintext - password sent in the clear (e.g. ftp)
QAuthenticationProviderDigest - the "digest" scheme of http
QAuthenticationProviderNtlm - MS windows authentication
Any state would be part of the authentication provider instance.
Places where QAuthenticatorPrivate is being used, the authentication provider should be used instead with a clean interface.
The QAuthenticationProvider hierarchy should initially be internal
(this task is a placeholder for discussion)
Attachments
Issue Links
- relates to
-
QTBUG-25774 API to judge password security of QAuthenticator
-
- Open
-
-
-
- Open
-