On Fri, May 3, 2013 at 5:26 PM, Dan Mashal dan.mashal@gmail.com wrote:
On Fri, May 3, 2013 at 2:17 PM, Chris Murphy lists@colorremedies.com wrote:
On May 3, 2013, at 2:04 PM, Dan Mashal dan.mashal@gmail.com wrote:
I believe that this is a major security risk and that this is a new UI change going forward and this is not a bug.
Do you think this is a good idea?
No. I think it's a bug, and a bug should be filed on it.
Chris Murphy
devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
It was.
And closed as NOTABUG.
https://bugzilla.redhat.com/show_bug.cgi?id=959541 https://bugzilla.redhat.com/show_bug.cgi?id=958608
So I just wanted to email other intelligent people and see if I was crazy or stupid.
Saving passwords in clear text, it makes certain operations easier, but makes numerous illicit operations more easy. The ability to, and value of, shoulder surfing a password is a very real issue in large shared environments with multiple people with visual access to your shoulder. The critical one iin my mind is remote electronic access through shared consoles in VMware environments and in other virtualizaiton environments. Anyone in the data center can shoulder surf you with a console to the virtualization *server*.