-
-
Notifications
You must be signed in to change notification settings - Fork 321
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possibility to take only the domain and not the FQDN #258
Comments
I don't know why I would want a regression from the current FQDN-implementation. |
Don't hesitate to ask/discuss about what confuses you about my statement, In #199 (comment) you voted for FQDN as default yourself! So at least regarding this aspect we do agree! |
I'm confused about the "regression from the current FQDN-implementation" statement. This issue has the goal to add several more options to choose the website address. |
@Kcchouette Also: You do have the options today: Simply delete the characters you don't want from the FQDN. |
@SoftwUser I'm not sure the length of salt is important. If a generated password is stolen (i.e. myspace), you already got the site (i.e. myspace.com). We already discuss about this:
The only easy improvement we can do easily is to remove Maybe we can add this in a configuration option. |
I am not only concerned about the computed password but about the masterpassword, too. Anyway, your solution to just add an option for reducing the FQDN appears to be reasonable. Thank you. |
@guillaumevincent I would be very unhappy, if the current approach would be reduced or "filtered" to anything shorter. I have use cases as follows:
1,2,3 being different servers, but with identical Login-names. So please, on the default side, please leave it as it is today! I am happy to read your above statement:
But in case there will ever be a v3, please don't touch FQDN as default. Please offer options to reduce/filter and don't enforce it, not even remove And as @SoftwUser said above, everyone who wants shorter site names can delete the unwanted characters manually even today. This is less error-prone than having to add characters manually. |
@panther2 interesting So basically we keep default as today. |
Brilliant, thanks! |
As I said before when I opened #199 an option is perfect for me, and I would be happy to test it. @guillaumevincent Thanks in advance for this option |
@kidburglar what option do you want? Removing |
@guillaumevincent I would prefer something to hold only the domain name example But if you can add a regex possibility is more flexible for everyone I think |
An option to remove the subdomain would be great! There are different use cases where I will find it very useful:
I actually manually remove the subdomain to prevent mistakes, but yes keep the actual behavior by default to prevent authentication problem for many users. ;) |
@kidburglar and @roipoussiere there is no easy solution to get only I don't like the idea of a TLD list because:
|
The list is already done by https://data.iana.org/TLD/tlds-alpha-by-domain.txt (10,2kB), https://publicsuffix.org/list/public_suffix_list.dat (196 kB) or libraries, by example https://github.com/oncletom/tld.js . |
The FQDN is actually what lesspass do now. To get the domain you only need to hold the last 2 elements separate by "."
|
@kidburglar this is not true. Try to understand that there is some popular TLD that contains more than one dot.
@Kcchouette LessPass already used tld.js from Oncle Tom. The amount of extra data for only one feature was the reason why we abandoned it. tlds-alpha-by-domain.txt miss some popular TLD. And public_suffix_list.dat is too big. |
@guillaumevincent What do you think about the regex options ? |
@kidburglar I'm not sure of this assertion.
To complex, the target will be only power users. The solution for now:
|
@guillaumevincent |
@kidburglar yes probably |
Please hold on a second... So what's the point here? Every user would be enforced to download, install and load a list of some thousands domains with LessPass, of which the unique user only uses a small fraction? Do I interpret this correctly? |
@SoftwUser |
@SoftwUser not a list of popular domain names, only a list of most popular TLD
|
@SoftwUser I had a use case recently for The issue is not about not having to hit @guillaumevincent The public_suffix_list.dat can already be made lighter by removing all ICANN domains, since they are obviously all a valid suffix. This should at least limit the increase due to the opening of registration of new top-level domains. This is what was done in tld-list.js. |
@serianox Yes those cases do exist. But this does not justify a regression for those users already managing hundreds of passwords created including the FQDN. Don't just think about the new user who stumbles over a special scenario. Please do think about those existing users, too. Anyway I am glad to notice @guillaumevincent 's above statement, that the regression would be optional (#258 (comment)). So everyone can be happy. |
@SoftwUser Agreed, this should not change existing behavior, e.g. optional for V2, possibly default behavior for V3. |
Ouch, @serianox , please don't ignore #258 (comment) We had that discussion, and it has been resolved here #258 (comment) |
Remember that lesspass use privacy-by-default and we want it to work off-line and standalone. So adding 3rd-parties is a no-go for me. Thus, an alternative would be to include whatever TLD list in the build, maintained it up-to-date and ensure we are not breaking any users' passwords… @guillaumevincent Do you think this is testable? @serianox for your problem, currently you have two way to manage this scenarios:
|
Now that RMLL is finish, Lesspass Move seems ok, and (I hope) version 1 is going to be removed soon, I reopen the issue #199.
The sum-up is: can you offer the capability of choosing for the website:
The text was updated successfully, but these errors were encountered: