Hello everyone,
I’m just curious about this decision. Not everyone is a computer scientist and can compile a program that easily.
I think OpenVPN is a good step in the right direction in times where you can't even watch many Youtube videos because of Geo-restrictions but why is it so user unfriendly? I couldn’t get one official site with a"--enable-password-save" enabled build. So I had to choose a modified (unsave) version from an unknown VPN provider after being annoyed to enter my password every time to test the connection. I probably would have entered the username and password for about 100 times without "--enable-password-save" because of provider problems, configuration issues etc.
Computer security is good but please make it usable for non computer scientists and non geeks.
One question for software developers should always be:
Can a "luser / DAU" use this software without getting a headache?
Ergo: Please post always a "--enable-password-save" build for a new version too.
Many Thanks, Open Source Rules!
Why is "--enable-password-save" disabled by default?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
HOTDOG
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Mar 02, 2011 1:16 pm
-
gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Why is "--enable-password-save" disabled by default?
note: I'm not an openvpn developer.
If you have a headache, you can take aspirin. Or you can take morphine. Aspirin is slow to work and often dulls the pain without bringing complete relief; however, there are no addictive properties, so outside occasional stomach upset if you neglect to take it with food, there are no lasting side-effects. Morphine will take right-the-hell care of your headache. You might vomit as well, so there will be the carpet cleaning business to take care of, but you will feel absolutely no pain. The commonly known side-effect is that you might end up with a not-so-nice habit that will murder your personality and pretty much leave your life in the toilet.
The save-password option is kind of like the morphine.
Within the context of this analogy, think of the developers like your pharmacist. If the pharmacist gives everyone with a headache morphine, they would undoubtedly loose their license to practice their art. They would be looked upon as a drug dealer rather than a healer. That being said, including the password-save feature by default was probably considered a bit too convenient--too many individuals would use it... forever. With the ensuing security problems this would inevitably occur due to the misuse of this feature, it was probably decided that they didn't want to have to deal with the blow-back from said individuals accusing the openvpn team of shipping an insecure program.
You might be able to find the mailing list threads where this option has been discussed to get the gory details. In the mean time, you have three options: don't use password authentication, determine what is actually wrong with your vpn configuration or store your password in windows' paste buffer and hit ctrl-v every time the box pops up.
Openvpn is not for the faint of heart. It doesn't Just Work right out of the box. You need knowledge of networking and, in cases such as this, how to interact with the source code. There are even edge cases where you need enough C foo to be able to read the source code itself. (This isn't computer science, by the way--it's just doing it)
If you have a question about your configuration, please ask it (in a new thread). Beseeching the developers to change their packaging philosophy just for you probably won't get you far.
-S
If you have a headache, you can take aspirin. Or you can take morphine. Aspirin is slow to work and often dulls the pain without bringing complete relief; however, there are no addictive properties, so outside occasional stomach upset if you neglect to take it with food, there are no lasting side-effects. Morphine will take right-the-hell care of your headache. You might vomit as well, so there will be the carpet cleaning business to take care of, but you will feel absolutely no pain. The commonly known side-effect is that you might end up with a not-so-nice habit that will murder your personality and pretty much leave your life in the toilet.
The save-password option is kind of like the morphine.
Within the context of this analogy, think of the developers like your pharmacist. If the pharmacist gives everyone with a headache morphine, they would undoubtedly loose their license to practice their art. They would be looked upon as a drug dealer rather than a healer. That being said, including the password-save feature by default was probably considered a bit too convenient--too many individuals would use it... forever. With the ensuing security problems this would inevitably occur due to the misuse of this feature, it was probably decided that they didn't want to have to deal with the blow-back from said individuals accusing the openvpn team of shipping an insecure program.
You might be able to find the mailing list threads where this option has been discussed to get the gory details. In the mean time, you have three options: don't use password authentication, determine what is actually wrong with your vpn configuration or store your password in windows' paste buffer and hit ctrl-v every time the box pops up.
Openvpn is not for the faint of heart. It doesn't Just Work right out of the box. You need knowledge of networking and, in cases such as this, how to interact with the source code. There are even edge cases where you need enough C foo to be able to read the source code itself. (This isn't computer science, by the way--it's just doing it)
If you have a question about your configuration, please ask it (in a new thread). Beseeching the developers to change their packaging philosophy just for you probably won't get you far.
-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole