Re: [g-a-devel]role type - "password-text"
- From: Bill Haneman <bill haneman sun com>
- To: Michael Meeks <michael ximian com>
- Cc: "Padraig O'Briain" <Padraig Obriain sun com>, accessibility mailing list <gnome-accessibility-devel gnome org>, anju premachandran wipro com, mukund rajagopalan wipro com, peter korn sun com, Marc Mulcahy <marc mulcahy sun com>
- Subject: Re: [g-a-devel]role type - "password-text"
- Date: 29 Jul 2002 17:32:38 +0100
On Mon, 2002-07-29 at 15:03, Michael Meeks wrote:
> Hi Bill,
[snip]
> I'm extremely un-certain that this is a security bug in at-spi, if we
> remove all ways of determining what text is in that field, we have
> screwed with eg. braille displays - that don't speak the string out to
> the whole room [ not that an a11y desktop user would be using anything
> but headphones in an office space I'm sure ;-].
sighted users don't get feedback in these cases, so I don't think it's
necessary for blind users to get this feedback either.
And this has been flagged as an issue by architectural and security
review folks; also in some use cases (remote apps, etc.) it would be
potentially exploitable as a security hole. I don't think it's worth
the risk, and don't think exposing the plaintext is important for
accessibility.
-Bill
> It seems to me, reasonable that we should have a role, and that the at
> should honour that if it makes sense, and not if it doesn't. Simply
> ensuring that no-one can possibly get at that text is not security, even
> if they need to.
>
> Or perhaps I mis-understood the issue.
>
> Regards,
>
> Michael.
>
> --
> mmeeks gnu org <><, Pseudo Engineer, itinerant idiot
>
> _______________________________________________
> Gnome-accessibility-devel mailing list
> Gnome-accessibility-devel gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-accessibility-devel
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
