Description: If you use the fix of Mike Kaganski https://gerrit.libreoffice.org/c/core/+/189828 You'll see that it's possible to reuse the login of an account that's logged into Base even after closing the odb file without saving... This poses a major security problem. Steps to Reproduce: To reproduce you will need to use the fix: https://gerrit.libreoffice.org/c/core/+/189828 1. Open LibreOffice and open an odb file with an account without password. 2. In Base go to Edit-> Database -> Properties en connect with an account with password, when asked give you password and close with windows with ok. 3. You are now connected in Base with the account with password. 4. Close the odb file without saving if prompted. 5. Reopen this same odb file with you account with no password. 6. In Base go to Edit-> Database -> Properties en connect with the same account with password. 5. You will not be prompted to give a password. 6. If the previous person who used the Base to log in and then log out is the administrator then you have their password cached. Actual Results: Mike's password caching system isn't working. Expected Results: A password caching system that works. Reproducible: Always User Profile Reset: No Additional Info: Regarding password security, it's best not to cache it if it belongs to someone you don't know. This prevents it from being found...
For password caching to work securely, you should only cache the password of the account saved in the odb file. Wanting to do anything else will only bring security problems.
I want to point out that this is all due to Mike Kaganski's bad will, since there's a solution to this problem since my fix was available two days ago... and it's the right solution since it doesn't cache anything as long as the user isn't the one specified in the odb file. https://gerrit.libreoffice.org/c/core/+/189732
I will confirm based on Mike input in this commit https://gerrit.libreoffice.org/c/core/+/189732