On 2009-10-14 01:33 PDT, Neil wrote: > Nelson Bolyard wrote: > >> I'll add these thoughts. I don't know of any way to "log in" to a >> token that has no password. IINM, such a token just "comes up" in a >> state that is similar to being already logged in. It's not surprising >> to me that forcefully logging it out leaves it in a state where it >> cannot log in again without being restarted. Maybe the solution is to >> make it so that it cannot be logged out, since it is not truly logged >> in. That could be done in NSS or in PSM or in the browser outside of >> PSM (I think). >> >> > That might be possible if there was some easy way of determining whether > there is a master password (without prompting the user for such > password). This method would not need to leave the user logged in if they > had previously been logged in with a password.
... would NOT need to leave the user logged in? really? Anyway, NSS certainly offers a function that answers the question of whether the user has a master password or not, without logging the user out if he is logged in (IINM). I do not know if PSM makes that available to its users as some sort of method on some sort of object. By the way, I REALLY REALLY wish that the password manager would use that when you click the button to reveal the passwords, instead of doing what it does now, which forces you to re-enter the master password, even if you've JUST entered it. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
