Re: Do you think this is a security risk and if not is it a bad UI decision?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2013-05-04 at 23:42 -0400, Nico Kadel-Garcia wrote:
> On Fri, May 3, 2013 at 5:26 PM, Dan Mashal <dan.mashal@xxxxxxxxx> wrote:
> > On Fri, May 3, 2013 at 2:17 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
> >>
> >> On May 3, 2013, at 2:04 PM, Dan Mashal <dan.mashal@xxxxxxxxx> wrote:
> >>>
> >>> I believe that this is a major security risk and that this is a new UI
> >>> change going forward and this is not a bug.
> >>>
> >>> Do you think this is a good idea?
> >>
> >> No. I think it's a bug, and a bug should be filed on it.
> >>
> >>
> >> Chris Murphy
> >> --
> >> devel mailing list
> >> devel@xxxxxxxxxxxxxxxxxxxxxxx
> >> https://admin.fedoraproject.org/mailman/listinfo/devel
> >
> > It was.
> >
> >
> > And closed as NOTABUG.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=959541
> > https://bugzilla.redhat.com/show_bug.cgi?id=958608
> >
> > So I just wanted to email other intelligent people and see if I was
> > crazy or stupid.
> 
> Saving passwords in clear text, it makes certain operations easier,
> but makes numerous illicit operations more easy.

Just to avoid any confusion - this is about *displaying* passwords as
they are typed (or masking them). It is not about how they are stored,
there is no change in that regard (we hash and salt them up the wazoo).
The rest of your message shows that you actually understand this, I just
didn't want anyone to read 'saving passwords in clear text' and get
worried :)
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux