[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535964 ]
Dan Shields commented on OFBIZ-1106: ------------------------------------ Jacques, I have taken your comments as serious advice to me, and I have noted that you have correctly pointed out that my patch does not follow the design precedent of XUI (you did not exactly say it this way). In my own defense: I had pursued the XUI path the other night but discarded it after estimating the number of changes that would be required in code that I am unfamiliar with (I'm new here). For example, the straightforward refactoring of the Input/XEdit relationship to support substituting a XPassword field at (and only at) the correct time, is potentially a night-mare without a test harness around the existing Input behavior. Maybe this is a good way to do things, maybe not. Someone with more experience with the source in this area may have better comments than me. I am puzzled when you say that this phenomenon (asterisk-echo) is everywhere. I certainly don't see it everywhere, but I suppose it depends on what sw you are running. It is not present in the login prompts on Linux, BSD or Solaris, though I admit that graphical display managers (gdm, kdm) tend to exhibit this fault. Perhaps the past experiences you have had with software are quite different from mine, as I would expect would be different any other peoples that we compared. I feel that this phenomenon is a recent trend in graphical interfaces, on the web especially because it is built in behavior to the password element of HTML. But this does not say that asterisk-echo is a standard, nor that it is always a good idea. The bug I have with showing the password is: anyone else may see that you are typing your password, and may have some greater idea of what you are typing. The length of your password as well as pauses that indicate rhythm are noticeable by casual onlookers. This is especially a common problem in a situation where: a) there are many staff members who would like to gain unrestricted access to the manager account on the POS terminal (the manager account is frequently used for price changes); and b) the entry of passwords on a keypad restricts the characters used to 0-9, this drastically reduces the range of possible passwords. In many scenarios the cash boxes contain significant money, so they must be managed in a security conscious way. It matters very little what other software does, it only matters what we do. I hope I can do better on my next contrib. Cheers, Dan Shields > Passwords in POS are shown in clear text > ---------------------------------------- > > Key: OFBIZ-1106 > URL: https://issues.apache.org/jira/browse/OFBIZ-1106 > Project: OFBiz > Issue Type: Improvement > Components: pos > Affects Versions: SVN trunk > Environment: All > Reporter: Chris Lombardi > Assignee: Jacques Le Roux > Priority: Minor > Attachments: input-contents-hidden.patch > > > Passwords entered in the POS are displayed in the clear in the POS input > panel. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.