Josselin Mouette wrote: > Le jeudi 18 septembre 2008 à 18:46 +0000, Stef a écrit : >> Some people want it to act like gksudo. That is, make a password prompt >> desktop modal, no other windows are accessible, everything grayed out. >> >> Use case/complaint: "I was giving a presentation in front of thousands >> of people. I did X that caused a password prompt came up but >> gnome-keyring didn't grab the focus properly, and I typed my password in >> clear view. Now I'm screwed." > > These people are right. A password prompt should grab keyboard and > mouse, otherwise you are susceptible to leak the password. Typing wrong > stuff in a password prompt is a mere annoyance; typing a password > somewhere else is a security issue.
So is the consensus that all password prompts should grab the keyboard in a big way (ala gksudo)? How would this apply to all the password prompts that applications like to throw up. Does this apply to only passwords of a certain 'caliber'? Cheers, Stef Walter _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org http://mail.gnome.org/mailman/listinfo/desktop-devel-list