Re: Do you think this is a security risk and if not is it a bad UI decision?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dan Mashal wrote:
> In the latest Fedora 19 Beta TC2 install after I got through the
> initial steps of the install I started to setup my root password.
> 
> To my surprise my password was shown in plain text instead of bullets.
> 
> I believe that this is a major security risk and that this is a new UI
> change going forward and this is not a bug.
> 
> Do you think this is a good idea?

Very very bad idea.

> What if you are installing and someone is looking over your shoulder
> and you don't know about this new "UI improvement"?

Precisely. This will be a very unpleasant surprise to the experienced
admin who knows that passwords are always obscured in password entry
fields.

I don't suppose there's a warning in big red letters? "BEWARE! YOUR
ROOT PASSWORD WILL BE *VISIBLE*. MAKE SURE THAT NOBODY CAN SEE THE
SCREEN!" The admin won't know about this misfeature until he looks up
from the keyboard and sees the password being displayed in the clear,
right?

Always close the door and the blinds when installing operating systems?
That's easier said than done in an open plan office.

Björn Persson

Attachment: signature.asc
Description: PGP signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux