Re: X-windows security in Gnome
- From: Benjamin Kahn <xkahn ximian com>
- To: Havoc Pennington <hp redhat com>
- Cc: gnome-hackers gnome org
- Subject: Re: X-windows security in Gnome
- Date: 16 May 2002 20:11:23 -0400
On Thu, 2002-05-16 at 19:48, Havoc Pennington wrote:
> Benjamin Kahn <xkahn ximian com> writes:
> > Of course, as Chris Lahey pointed out just the other day, one of the
> > main points of this feature is to make sure the user REALLY IS typing
> > their password into the application they think they are tying it into.
> > Another window can't just pop up, grab focus, and display what they are
> > typing.
>
> Sure, but windows aren't supposed to get focus while you're typing in
> another app - they don't in Windows XP, for example. This is something
> that's easy to fix correctly, and the correct fix ends up really
> solving the problem for all users, not just theoretically solving it
> if everyone bothers to choose the "secure keyboard" menu item before
> and after they type something sensitive.
Really? How'd they solve this problem? This happens to me a lot when
running things like Evolution. I have a mail server which requires
authentication when sending mail. I write an email, send it off, and
then go do something else. Often the password dialog comes up and I
type for a little while before realizing what's happened. It could
probably be fixed if I only gave focus to new windows which were
children of the current application, but what if I were composing a
second email?
> In any case, if you have the menu item for this reason, it definitely
> should not be called "secure keyboard," since that name has created a
> widespread misconception that it makes you immune to key snooping and
> thus has probably encouraged insecure setups. I guess it should be
> called "work around broken focus policy" ;-)
Hmm... Sounds like a long menu item name. How about: "Capture
Keyboard"? :^)
> > And, as another side point, I had a sawfish and panel crash the other
> > day when using GNOME 2. All I could (easily) do was ask Nautilus to
> > open a terminal which I couldn't type into since I couldn't ask it to
> > grab the keyboard.
>
> I have a problem with a menu item called "focus this window because my
> window manager crashed" ;-)
>
> I usually go to a virtual console and type "DISPLAY=:0 windowmanager"
>
> But a more realistic solution for end users is this one:
> http://bugzilla.gnome.org/show_bug.cgi?id=75047
>
> Combined with a generic session manager feature that protects you from
> losing all the key programs from the session (desktop icons, panel,
> WM). Users lose these from time to time, and generally don't know how
> to get them back.
Sure. This is a much better solution for this case when running
Profterm in a GNOME environment.
_______________________________________________
gnome-hackers mailing list
gnome-hackers gnome org
http://mail.gnome.org/mailman/listinfo/gnome-hackers
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]