Enter the password and it will open normally, then close Tabby and reopen it, and you still need to enter the password
This problem does not exist in the current version, it has existed since the 1.0.200 version I installed
Issue still persists on 1.0.211 - it's hella annoying. I've been using Tabby for over a year
I have been using it for over a year now, and this setting has never taken effect
Still there.. it's unusable in this state. So annoying to enter the password every time. This should be treated with higher priority
Are you actually closing the app within that 7-day period?
yes
Well, what do you expect to happen? For it to store the password to your encrypted vault in a readable format right next to it?
So the password remember feature is only for when the app remains open? Maybe we all understood it wrong..
i think the confusion comes from 2 reasons:
- people are used to the concept of remembering session login in browser. closing browser will still persist the session, without having to type password again
- the message to remember password is not clear enough, as it is not specifying the app should remain open
I don't know the technical details behind how the password is saved in Tabby in this case. But one idea that comes to my mind is to use, for example on Windows, the Windows credentials, where you can store the password encrypted temporarily and automatically remove it based on a time counter in Tabby.
The issue is that in absence of app sandboxing, storing the vault password locally in any way is equivalent to just not using it at all since all the information needed to decrypt it is now available to any application on your computer as long as you're logged in, even if you store it in Windows Credentials or use CryptProtectData etc.
I agree that the UI text can be improved, but the impossibility of safely remembering a password to your encrypted data stored in the same place is a fundamental limitation.
you are right, as long as password is stored, any app with enough access will be able to use it. there's a similar discussion for cryptomator: https://community.cryptomator.org/t/why-does-cryptomator-now-offer-to-save-a-pasword/8837/5
so it's a matter of trusting your local environment in the end
my use case: i need to save some ssh passwords for some local vmware lab servers (for which i cannot use passwordless login), but i don't want to enter the vault password every time as i trust my local environment, and even if the passwords were leaked to another app, i wouldn't care as these are just some lab vms
maybe one idea is to add a "trust this environment" option, but that would add some more complexity and probably more confusion
later edit: another idea would be to rely on windows pin, like on keepassxc, where you don't have to enter the master password when database locks on timeout, but rather a shorter/faster/easier to memorise windows PIN.. but probably that works only if the app is not closed
#5535, #6344, #6547, #7099, #9579 .. still the same report and they're right: the UI promises to remember the password for 7 days and it doesn't happen. Dev understanding is more niche: it will remember it only if app is running for 7 days nonstop. That's not clear from the GUI, which makes the issue relevant and perpetual. Indeed I also hope it will remember the vault password one day, as I double think before launching the app each time. I hate to type it. As it was stated, security is not an issue on a trusted environment, and storage method can vary from unsafe to safe.
The current message regarding the master password retention might be a bit ambiguous. To enhance clarity, it would be helpful to specify that the master password is retained only while the application remains open?
I honestly understand how most people in this issue report feel. I absolutely abhor being told how I can and cannot use my own systems. I use Tabby to access SSH sessions for locally running Linux instances, so not trusting the local system is kind of pointless in my use case. To the degree that I have forked Tabby and recompiled it to store the vault data in plaintext and not prompt for passwords at all anymore. But the developer who owns this project isn't charging us anything to use it, so we can't really complain if he chooses to force his mindset on anyone who uses his project. We should be thankful he chose to share his work in such a way that we can modify it where necessary to suit our own use cases.
That said, I would definitely call the wording in the UI a bug for sure, as it really doesn't convey the true intentions of the feature.