Re: Prompting for passwords on the desktop?

Josselin Mouette wrote:
> Le jeudi 18 septembre 2008 à 18:46 +0000, Stef a écrit :
>> Some people want it to act like gksudo. That is, make a password prompt
>> desktop modal, no other windows are accessible, everything grayed out.
>> Use case/complaint: "I was giving a presentation in front of thousands
>> of people. I did X that caused a password prompt came up but
>> gnome-keyring didn't grab the focus properly, and I typed my password in
>> clear view. Now I'm screwed."
> These people are right. A password prompt should grab keyboard and
> mouse, otherwise you are susceptible to leak the password. Typing wrong
> stuff in a password prompt is a mere annoyance; typing a password
> somewhere else is a security issue.

So is the consensus that all password prompts should grab the keyboard
in a big way (ala gksudo)? How would this apply to all the password
prompts that applications like to throw up. Does this apply to only
passwords of a certain 'caliber'?


Stef Walter

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]