Do you think this is a security risk and if not is it a bad UI decision?

Björn Persson bjorn at xn--rombobjrn-67a.se
Fri May 3 23:42:07 UTC 2013


Dan Mashal wrote:
> In the latest Fedora 19 Beta TC2 install, after I got through the
> initial steps of the install, I started to set up my root password.
> 
> To my surprise my password was shown in plain text instead of bullets.
> 
> I believe that this is a major security risk and that this is a new UI
> change going forward and this is not a bug.
> 
> Do you think this is a good idea?

Very very bad idea.

> What if you are installing and someone is looking over your shoulder
> and you don't know about this new "UI improvement"?

Precisely. This will be a very unpleasant surprise to the experienced
admin who knows that passwords are always obscured in password entry
fields.

I don't suppose there's a warning in big red letters? "BEWARE! YOUR
ROOT PASSWORD WILL BE *VISIBLE*. MAKE SURE THAT NOBODY CAN SEE THE
SCREEN!" The admin won't know about this misfeature until he looks up
from the keyboard and sees the password being displayed in the clear,
right?

Always close the door and the blinds when installing operating systems?
That's easier said than done in an open plan office.

Björn Persson