Login vs. typeahead

Leslie Mikesell les at chinet.chi.il.us
Thu Nov 15 04:58:17 AEST 1990


In article <1990Nov13.233329.8736 at athena.mit.edu> jik at athena.mit.edu (Jonathan I. Kamens) writes:

>  The flushing of typeahead is meant to prevent people from doing exactly what
>you describe.  Allowing the first characters of your password to be displayed
>on the screen as you type them is a Bad Idea (tm) and a clear security
>problem.  If the login program doesn't accept input typed before echoing is
>turned off, then people have an incentive not to type any input before echoing
>is turned off.

Hmmm, then one might think the correct approach would be for getty to turn
off echo as soon as it sees the <return> terminating the login entry.
Better yet would be a sensible get-in program combining the functions of
the traditional getty and login.  This would allow taking input in
raw mode and echoing only what you want to echo without regard to timing
(and some other possibilities like hashing the passwd file while no one
is on-line with a long-distance call and allowing multiple backspace/erase
characters).  Has anyone done this?

If you are providing a service that people are not obligated to use,
screwing up their attempts to log in will just provide them with an
incentive to go elsewhere.

Les Mikesell
  les at chinet.chi.il.us
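
The design proposed in the post above, as an added example (not code from the post or from any real getty or login): a combined reader takes raw-mode bytes and decides per byte what to echo, so a typed-ahead password is accepted but never displayed. The function name `read_login`, the erase set (backspace and DEL) and the buffer sizes are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Erase characters honoured in raw mode: backspace and DEL (assumed set). */
static int is_erase(unsigned char c) { return c == '\b' || c == 0x7f; }

/*
 * Combined getty/login reader over raw-mode input bytes (hypothetical API).
 * The program, not the tty driver, decides what is echoed: login-name bytes
 * are echoed, nothing after the first <return> is, so a typed-ahead password
 * never reaches the screen and need not be flushed.
 * Assumes one terminator byte per line; echo needs 3*n+1 bytes.
 * Returns 0 when both fields are complete, -1 on short input or overflow.
 */
int read_login(const unsigned char *in, size_t n, char *name, char *pass,
               size_t cap, char *echo, size_t ecap)
{
    char *field = name;               /* field currently being filled */
    size_t len = 0, elen = 0;
    if (cap == 0 || ecap < 3 * n + 1) return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        if (c == '\r' || c == '\n') {
            field[len] = '\0';
            if (field == pass) { echo[elen] = '\0'; return 0; }
            echo[elen++] = '\r'; echo[elen++] = '\n';
            field = pass; len = 0;    /* echo is off from here on */
        } else if (is_erase(c)) {
            if (len == 0) continue;   /* nothing left to erase */
            len--;
            if (field == name) { memcpy(echo + elen, "\b \b", 3); elen += 3; }
        } else {
            if (len + 1 >= cap) return -1;
            field[len++] = (char)c;
            if (field == name) echo[elen++] = (char)c;
        }
    }
    return -1;                        /* password line never terminated */
}

int main(void)
{
    /* Constructed input: name and password typed ahead in one burst. */
    const unsigned char in[] = "lex\177s\rsecx\bret\r";
    char name[32], pass[32], echo[64];
    int rc = read_login(in, sizeof in - 1, name, pass, sizeof name, echo, sizeof echo);
    printf("rc=%d name=%s echoed=%zu bytes\n", rc, name, strlen(echo));
    return 0;
}
```

On a real terminal the input bytes would come from `read()` on a tty placed in raw mode with echo disabled, and the `echo` buffer would be written back to that tty.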


