Login vs. typeahead
Jonathan I. Kamens
jik at athena.mit.edu
Wed Nov 14 10:33:29 AEST 1990
In article <1990Nov13.182623.18967 at smsc.sony.com>, dce at smsc.sony.com (David Elliott) writes:
|> ... if a user tries to do this, some or all of
|> the password they type is displayed on the screen, and then this data
|> is ignored by getpass(), which flushes the input before it reads.
|>
|> What I would like to know is if there is a good reason for the current
|> behavior, and if changing this behavior might in some way compromise
|> the security of the system.
The flushing of typeahead is meant to prevent people from doing exactly what
you describe. Allowing the first characters of your password to be displayed
on the screen as you type them is a Bad Idea (tm) and a clear security
problem. If the login program doesn't accept input typed before echoing is
turned off, then people have an incentive not to type any input before echoing
is turned off.
--
Jonathan Kamens USnail:
MIT Project Athena 11 Ashford Terrace
jik at Athena.MIT.EDU Allston, MA 02134
Office: 617-253-8085 Home: 617-782-0710
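Added example, not part of the original post: a small simulation of the behaviour discussed above, using Python's `termios` wrapper around the same `tcsetattr()` call a getpass()-style routine uses and a pseudo-terminal in place of a real login line. The function names and the sample input (`hun` typed early, `ter2` after the prompt) are constructed for illustration, and the pty is assumed to start with echo and canonical mode on, as it does on Linux.

```python
import os
import pty
import select
import termios


def drain(fd, quiet=0.3):
    """Collect bytes from fd until nothing arrives for `quiet` seconds."""
    out = b""
    while select.select([fd], [], [], quiet)[0]:
        chunk = os.read(fd, 1024)
        if not chunk:
            break
        out += chunk
    return out


def simulate_login(early, rest, flush=True):
    """Return (bytes echoed to the screen, line the login side reads).

    `early` is typed before echo is turned off, `rest` plus Enter after.
    """
    master, slave = pty.openpty()  # master: user's terminal, slave: login's tty
    try:
        os.write(master, early)
        screen = drain(master)  # echo is still on, so typeahead is displayed

        attrs = termios.tcgetattr(slave)
        attrs[3] &= ~termios.ECHO  # index 3 is c_lflag
        # TCSAFLUSH applies the change and discards unread input (typeahead);
        # TCSANOW applies it and keeps whatever was already typed.
        when = termios.TCSAFLUSH if flush else termios.TCSANOW
        termios.tcsetattr(slave, when, attrs)

        os.write(master, rest + b"\n")
        screen += drain(master)  # echo is off, nothing more should appear
        line = os.read(slave, 1024)  # canonical mode hands back one line
        return screen, line
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    # Constructed input: "hun" typed too early, "ter2" after the prompt.
    for flush in (True, False):
        print("flush" if flush else "keep ", simulate_login(b"hun", b"ter2", flush))
```

In both runs the early characters reach the screen. With the flush the login side sees only the later characters, so the attempt fails; without it the full string is accepted, which is the incentive the reply describes.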