Starred by 2 users

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: 3
Type: Bug




Switch iOS to use the Posix login DB

Project Member Reported by vabr@chromium.org, Aug 13 2015

Issue description

The LoginDatabase on iOS should work as on CrOS -- storing passwords in the database in plain text, relying on the OS-level storage protection.

We need to do 2 steps:

(1) Change the current behaviour of the LoginDatabase on iOS, which stores only IDs of passwords in the database, and the passwords themselves in the iOS keychain.

(2) Move the database code completely upstream, removing any diffs in the downstream copy of Chromium, or special code in the internal iOS repo.
 

Comment 1 by vabr@chromium.org, Aug 13 2015

Blocking: chromium:507778

Comment 2 by vabr@chromium.org, Aug 13 2015

Labels: Cr-Privacy Cr-Security
This has been discussed with jww@, and the password manager team, which overlaps with privacy a lot, but still, adding Privacy and Security labels as an FYI to the respective teams. Affected teams, feel free to remove the labels to reduce spam, if you are fine with the plan.

Comment 3 by vabr@chromium.org, Aug 13 2015

@melandory -- given http://crbug.com/507778#c2, feel free to grab this one. But from our recent conversation I believe it is not currently on top of your list, so I kept it with me in case I get to it faster. Did not mean to steal it from you, though, so happy to give it back to you.

Comment 4 by vabr@chromium.org, Aug 14 2015

I won't get to this until back from holiday.
@melandory -- don't wait for me if you want to grab this (but it is OK if you don't find time, there is no rush).
Cc: stuartmorgan@chromium.org

Comment 6 by vabr@chromium.org, Nov 4 2015

Status update: upstream will be patched to match downstream pretty soon (https://codereview.chromium.org/1237403003/), after that we'll proceed to actually get rid of the iOS-specific code for LoginDatabase and migrate iOS to use the same as Linux and CrOS do.

Comment 7 by bugdroid1@chromium.org, Nov 6 2015

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/bling/chromium.git/+/e45fbe60367757810e57bdc3d1fbf6c1ac7bc142

commit e45fbe60367757810e57bdc3d1fbf6c1ac7bc142
Author: melandory <melandory@google.com>
Date: Fri Nov 06 10:35:07 2015

Comment 9 by vabr@chromium.org, Nov 6 2015

Bug update: Thanks to melandory@'s #7 and #8, the downstream diff for //components/password_manager should disappear completely.

The rest of this bug is upstream-only, switching iOS to use the Posix login DB.

Comment 10 by vabr@chromium.org, Nov 24 2015

Blocking: -chromium:507778

Comment 11 by vabr@chromium.org, Dec 9 2015

Labels: refactoring

Comment 12 by vabr@chromium.org, Apr 11 2016

Cc: -stuartmorgan@chromium.org
Labels: Hotlist-Tech-Debt
Summary: Switch iOS to use the Posix login DB (was: Upstream LoginDatabase for iOS)
Labels: -Hotlist-Tech-Debt Hotlist-TechnicalDebt

Comment 14 by vabr@chromium.org, May 31 2016

Cc: vabr@chromium.org
Components: -Security -Privacy
Labels: -Pri-2 Pri-3
Owner: ----
Status: Available (was: Assigned)

Comment 15 by vabr@chromium.org, Jun 6 2016

Labels: -refactoring Hotlist-Refactoring
Cc: -melandory@chromium.org
Also, https://crbug.com/827073#c9 suggests that `NSFileProtectionComplete` should be the storage class for files with passwords.

(Removing melandory@, who switched teams, from Cc.)
