gujjwal00 / avnc

VNC Client for Android
GNU General Public License v3.0

Request for Feedback: Exclude passwords from exported data #215

Open gujjwal00 opened 6 months ago

gujjwal00 commented 6 months ago

I am planning to restructure credential storage in AVNC. Tentative (and long-term) goals are:

Right now, users can import/export saved servers from AVNC settings. As part of the restructuring, I would like to exclude three fields from exported data: VNC password, SSH password, and SSH private key. The rest of the data will be imported/exported as usual. Exporting these has always felt a little off to me. Excluding these will also remove the requirement to authenticate users before export.

So if anyone has use cases related to this, please let me know.

PS: Any opinions/ideas about asking for this type of feedback in general are also welcome.

RadarNyan commented 5 months ago

The entire point of export & import is to make the configuration process easier across multiple devices (or simply as a backup). I personally don't use this, but I can see that if someone has many servers configured, it would be very annoying to have to configure all the credentials manually for each one of them.

How about encrypting sensitive data using AES before exporting? Of course, this would require the user to enter a password when importing the data. Inputting a password once would be much better than setting up credentials one by one.

gujjwal00 commented 5 months ago

> The entire point of export & import is to make the configuration process easier across multiple devices (or simply as a backup). I personally don't use this, but I can see that if someone has many servers configured, it would be very annoying to have to configure all the credentials manually for each one of them.

I agree with the sentiment, and that was the original motivation behind this feature. But I also don't want to focus too much on such a scenario. Most people aren't using more than a few servers, and I don't believe re-entering credentials once after restoring from backup is that annoying.

> How about encrypting sensitive data using AES before exporting? Of course, this would require the user to enter a password when importing the data. Inputting a password once would be much better than setting up credentials one by one.

That sounds good, but it just adds an extra step after user authentication. I don't want to introduce another level of complexity just for exports.


The thing that worries me most is users leaking their secrets 'accidentally'. If users are aware of the risks, then I am fine with exporting secrets. So, I think making the users opt into exporting secrets with a checkbox would solve that. It would also give them a choice to export without secrets.

user8446 commented 1 month ago

I'm in the camp to have secrets included. Having the checkbox for user choice would probably be the best.

Any backups should be encrypted and/or secured anyway, which is trivial.