On Wed, 10 Dec 1997, Sascha Runschke wrote: > it seems that there is a bug in the login procedure of the kdm environment. > If you type your passwd when prompted for it and afterwards try to mark the > invisible passwd with the mouse, it suddenly becomes visible. > > I don't think it's that dangerous, but there might be a situation where you > cannot end your login-sequence and someone else is able to access your > station. > > I did not check the code yet, because I do not use kdm. But maybe > I'll have a look later. I don't know about this exact problem, but there is a generic problem with Qt in this regard: A text entry field that has been set to "password" mode still permits selection (and therefore copying) of the plaintext contents. I spoke with Arnt Gulbrandsen at Troll Tech about this after discovering it myself while working on a nice GUI s/key calculator (email me if you're interested). I can't remember what he said about why it was that way, but after I pointed out that while under Windows inadvertent selection does not cause copy, it *does* under X - which makes accidentally pasting your password into the wrong window (or even having someone snoop it out of your server - yeah, this is rather unrealistic ;) trivially easy. He concurred and mumbled something about it being fixed in 1.4 or so. Please note that I have no connection with Troll Tech other than being a personal friend of Arnt's, and that anything in the preceding paragraph could be wrong. Arnt, further comment from the proverbial horse's mouth? (And please don't shoot me ;) -- J. S. Connell | Systems Adminstrator, ICONZ. Any opinions stated above ankhat_private | are not my employers', not my boyfriends', my God's, my ankhat_private | friends', and probably not even my own. -------------------+--------------------------------------------------------- PGP key at http://www.canuck.gen.nz/~ankh/pgpkey.html
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:35:59 PDT