4:01 p.m.
http://bugzilla.moblin.org/show_bug.cgi?id=5019
Summary: Service config page should not show the char number of
user's password
Classification: Moblin Projects
Product: SyncEvolution
Version: upstream
Platform: Netbook
OS/Version: Moblin Linux
Status: NEW
Severity: normal
Priority: Undecided
Component: GTK UI
AssignedTo: jku(a)linux.intel.com
ReportedBy: jingke.zhang(a)intel.com
QAContact: jingke.zhang(a)intel.com
CC: shuang.wan(a)intel.com, syncevolution(a)lists.intel.com
Image: distro 20090803-001
Description:
===================
This issue is for security thinking. On the Sync service config page, we should
not let others to know the char number of user's password. For example,
when I used 123456 as the password, it shows "......".
when I used 12345678, it shows "........".
--
Configure bugmail: http://bugzilla.moblin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
5:34 p.m.
New subject: [Bug 5019] Service config page should not show the char number of user's password
http://bugzilla.moblin.org/show_bug.cgi?id=5019
pohly <patrick.ohly(a)intel.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |patrick.ohly(a)intel.com
Resolution| |WONTFIX
--- Comment #1 from pohly <patrick.ohly(a)intel.com> 2009-08-07 00:34:40 ---
(In reply to comment #0)
Image: distro 20090803-001
Description:
===================
This issue is for security thinking. On the Sync service config page, we should
not let others to know the char number of user's password. For example,
when I used 123456 as the password, it shows "......".
when I used 12345678, it shows "........".
It is pretty standard to obfuscate the password like that. For example,
seahorse (the GUI for GNOME's keyring) also shows the correct number of dots. I
don't think we should deviate from that.
If someone has access to the machine, he can get the password anyway, no matter
what we show.
--
Configure bugmail: http://bugzilla.moblin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
7:08 p.m.
New subject: [Bug 5019] Service config page should not show the char number of user's password
http://bugzilla.moblin.org/show_bug.cgi?id=5019
ZhangJingke <jingke.zhang(a)intel.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED
--- Comment #2 from ZhangJingke <jingke.zhang(a)intel.com> 2009-08-07 02:08:20 ---
This is a usability issue.
(In reply to comment #1)
If someone has access to the machine, he can get the password anyway,
no matter
what we show.
Well, verify this issue WONTFIX here.
--
Configure bugmail: http://bugzilla.moblin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
4790
days inactive
4793
days old
syncevolution-issues@syncevolution.org
2 comments
1 participants
participants (1)
-
bugzilla@moblin.org