Re: Prompting for passwords on the desktop?

From: Stef <stef-list memberwebs com>
To: Josselin Mouette <joss debian org>
Cc: desktop-devel-list gnome org
Subject: Re: Prompting for passwords on the desktop?
Date: Sat, 20 Sep 2008 18:05:32 +0000 (UTC)

Josselin Mouette wrote:
> Le jeudi 18 septembre 2008 à 18:46 +0000, Stef a écrit :
>> Some people want it to act like gksudo. That is, make a password prompt
>> desktop modal, no other windows are accessible, everything grayed out.
>>
>> Use case/complaint: "I was giving a presentation in front of thousands
>> of people. I did X that caused a password prompt came up but
>> gnome-keyring didn't grab the focus properly, and I typed my password in
>> clear view. Now I'm screwed."
> 
> These people are right. A password prompt should grab keyboard and
> mouse, otherwise you are susceptible to leak the password. Typing wrong
> stuff in a password prompt is a mere annoyance; typing a password
> somewhere else is a security issue.

So is the consensus that all password prompts should grab the keyboard
in a big way (ala gksudo)? How would this apply to all the password
prompts that applications like to throw up. Does this apply to only
passwords of a certain 'caliber'?

Cheers,

Stef Walter

References:
- Prompting for passwords on the desktop?
  - From: Stef
- Re: Prompting for passwords on the desktop?
  - From: Josselin Mouette

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]