Re: [g-a-devel]role type - "password-text"

From: Michael Meeks <michael ximian com>
To: Bill Haneman <bill haneman sun com>
Cc: Padraig O'Briain <Padraig Obriain sun com>, accessibility mailing list <gnome-accessibility-devel gnome org>, anju premachandran wipro com, mukund rajagopalan wipro com, peter korn sun com, Marc Mulcahy <marc mulcahy sun com>
Subject: Re: [g-a-devel]role type - "password-text"
Date: 29 Jul 2002 10:03:14 -0400

Hi Bill,

On Mon, 2002-07-29 at 06:56, Bill Haneman wrote:
> I do believe this is a security bug, my understanding has always been
> that a text field should report what is displayed in this case and not
> what was typed in.
> 
> Certainly if we expose the password text here it creates very
> significant security issues for at-spi and accessibility solutions.

	I'm extremely un-certain that this is a security bug in at-spi, if we
remove all ways of determining what text is in that field, we have
screwed with eg. braille displays - that don't speak the string out to
the whole room [ not that an a11y desktop user would be using anything
but headphones in an office space I'm sure ;-].

	It seems to me, reasonable that we should have a role, and that the at
should honour that if it makes sense, and not if it doesn't. Simply
ensuring that no-one can possibly get at that text is not security, even
if they need to.

	Or perhaps I mis-understood the issue.

	Regards,

		Michael.

-- 
 mmeeks gnu org  <><, Pseudo Engineer, itinerant idiot

Follow-Ups:
- Re: [g-a-devel]role type - "password-text"
  - From: Bill Haneman

References:
- Re: [g-a-devel]role type - "password-text"
  - From: Padraig O'Briain
- Re: [g-a-devel]role type - "password-text"
  - From: Bill Haneman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]