nspasteboard.org, tagging password in the pasteboard (was: Developer Support request)
19 views
Skip to first unread message
Thomas Tempelmann
Oct 10, 2013, 8:19:33 AM10/10/13
to AgileBits Support, nspast...@googlegroups.com
Hi Mike, or whoever else
gets this from support,
This is a follow-up from email exchanges we had in Nov 2011 and April of 2012.
In the past, I had contacted you (or rather your developers) to convince them to add some key to the pasteboard that indicates that the data in the clipboard is a password and therefore should not be recorded (and displayed) without special care by other clipboard-watching tools.
I'm involved with the group that uses and works on improving the "nspasteboard" standard (I've CC'd them in this mail) and we were in the middle of adding a new "concealedType" to our little standard so that 1pw could make good use of it and have it quickly adopted by other tools.
I recently learned that 1pw 4 on the Mac might support the suggestions layed out on http://www.nspasteboard.org/Site/Transient.html in some way or another.
Can you give me more details on this?
Also, if your developers have questions or like to provide feedback, or just stay in the loop, please let us know. We can certainly add someone to our mailing list, too.
Regards,
Thomas Tempelmann
This is a follow-up from email exchanges we had in Nov 2011 and April of 2012.
In the past, I had contacted you (or rather your developers) to convince them to add some key to the pasteboard that indicates that the data in the clipboard is a password and therefore should not be recorded (and displayed) without special care by other clipboard-watching tools.
I'm involved with the group that uses and works on improving the "nspasteboard" standard (I've CC'd them in this mail) and we were in the middle of adding a new "concealedType" to our little standard so that 1pw could make good use of it and have it quickly adopted by other tools.
I recently learned that 1pw 4 on the Mac might support the suggestions layed out on http://www.nspasteboard.org/Site/Transient.html in some way or another.
Can you give me more details on this?
Also, if your developers have questions or like to provide feedback, or just stay in the loop, please let us know. We can certainly add someone to our mailing list, too.
Regards,
Thomas Tempelmann
Hi Thomas,
Thank you so much for sending us this information again, I will personally forward this information again to our developers and ask them to take serious consideration in doing this.
Do you have any idea if this will also work in javascript-based browser extensions? For an example, if we support copying to clipboard from the 1Password extension in the browser, would it be possible to append the type to it to be ignored by the clipboard apps?
Do you have any experience in that area?
Please let me know.
Thanks!
Mike Tselikman
Agile Samurai
AgileBits, Inc.
http://agilebits.comI just like to re-iterate this request and by giving an example on how
this can actually work out:
Some clipboard tools on OSX create "temporary" data into clipboards,
only to remove it within a second again. An example are tools that
perform "text expanding".
Here, there's a similar problem for clipboard recording tools like
ours: The recording tool needs to tell whether the data in the
clipboard is temporary and thus should not be recorded.
The solution: http://www.nspasteboard.org/Site/Transient.html
As you can see there, many developers have already adopted this
protocol. As you can see, it's just a little effort, and it doesn't
get ignored. And it makes the user experience better for all of us.
Having our recording tool simply ignore any clipboard data that comes
from 1Password as you suggest as a work-around is not user friendly
and not even 100% safe:
1. If the user copies non-secret data from 1pw, it won't get recorded,
although that's what he's using our clipboard recoding tool for.
2. We cannot even tell all the time where the clipboard contents
originate from. All we can do is watch the front process and ignore
anything from 1pw - but that's not foolproof because a too-fast
content switch might get missed, thereby our tool identifying the
wrong app as the owner.
So, please - you're practically the leader in password pasting on the
Mac. If you go ahead and simply add a special extra flavor
(com.agilebits.password or even something more generic) when you add a
password to the clipboard, you'll set the standard quickly. You have
the power to make this work. Others will follow. You know that, admit
it! :)
Thomas
Reply all
Reply to author
Forward
0 new messages