Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #101642
| Path | csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail |
|---|---|
| From | Ian Kelly <ian.g.kelly@gmail.com> |
| Newsgroups | comp.lang.python |
| Subject | Re: [Python-ideas] Password masking for getpass.getpass |
| Date | Wed, 13 Jan 2016 17:17:42 -0700 |
| Lines | 18 |
| Message-ID | <mailman.119.1452730710.13488.python-list@python.org> (permalink) |
| References | <CAC_1O72sKRq_YPCUL3ABQHNZu3Mfsa-V=pvBF_ZUmVn2KJeoZg@mail.gmail.com> <20160113015414.GF10854@ando.pearwood.info> <20160113021746.GA26480@phdru.name> <CAPTjJmry6FBEzcH8rPHbyUSSGadZ+a4ih9mbeeNG1hWx=TioBQ@mail.gmail.com> <20160113100442.GI10854@ando.pearwood.info> <CAPTjJmqk29dLRfdXBiBAJx5ZsvRNHQesNEciw1h93+rJ7b9o3g@mail.gmail.com> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=UTF-8 |
| X-Trace | news.uni-berlin.de xxZ5eH/wVc5Z3i1HYMzYhwoH8IkEzf2XbBvT3XQeSGRw== |
| Return-Path | <ian.g.kelly@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.057 |
| X-Spam-Evidence | '*H*': 0.89; '*S*': 0.00; 'subject:: [': 0.03; 'subject:Python': 0.05; 'stored': 0.10; 'thread': 0.10; 'itself.': 0.11; 'jan': 0.11; 'wed,': 0.15; '2016': 0.16; 'received:io': 0.16; 'received:psf.io': 0.16; 'subject:ideas': 0.16; 'wrote:': 0.16; 'subject:] ': 0.19; 'am,': 0.23; 'downloaded': 0.24; 'header :In-Reply-To:1': 0.24; 'script': 0.25; 'chris': 0.26; 'wonder': 0.27; 'message-id:@mail.gmail.com': 0.27; '13,': 0.29; "i'm": 0.30; 'probably': 0.31; 'realize': 0.32; 'server': 0.34; 'that,': 0.34; 'gets': 0.35; 'received:google.com': 0.35; 'quite': 0.35; 'but': 0.36; 'received:209.85': 0.36; 'form,': 0.36; 'to:addr :python-list': 0.36; 'really': 0.37; 'display': 0.37; 'received:209.85.213': 0.37; 'itself': 0.38; 'received:209': 0.38; 'means': 0.39; 'does': 0.39; 'submit': 0.39; 'subject:-': 0.39; 'to:addr:python.org': 0.40; 'secure': 0.60; 'your': 0.60; 'yes': 0.62; 'details': 0.62; 'matter': 0.63; 'fire': 0.63; 'card': 0.63; 'encrypted': 0.66; "they're": 0.66; 'connection,': 0.72; 'connection.': 0.76; '"look': 0.84; 'insecure': 0.84; 'to:name:python': 0.84; 'subject:skip:g 10': 0.91 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=xnFeMDkIPCYMRGYKUtiixn30hyvxw/2EZsgVeJniIDQ=; b=Uak/Vwz7cJnXDZSbX9UNod4h8lpc5qvSFz3lywWyRQxxA9CKZEZAMC+xSOlVC98ge/ kObvpIwOjN2HRF+Cwrjg3cYtx8Y/oMLKA/72bN7NByp1PQRpueLW8KX7dKqtgftg7VFm G1J770tctJJmxfHkKRAxR1A/rknWmRMLpgQIlaiYIbA4J7KZNGP2CikTQXwoqQRxewRG ISG2muTfppkBCmzF9D9iqEtsHR9j0SDyqrpppM1BnYK+oVo49aZ3BVbl5gpsJFBO+Sws E/UFPJm3LJwl/Xr1R45T8fh5H9mSLbmg7OgMTo5b8gk+pJfJ5rFeVO3DUVpJZxGOa4bV e2iw== |
| X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=xnFeMDkIPCYMRGYKUtiixn30hyvxw/2EZsgVeJniIDQ=; b=X2URlLWfnxDBs/zGczVCBnfwwUU9q7wB2f4CkFdlP4m8mNi6gc+W9r+111H9vt9THP CpOWk7HgDnadtYpE8X2O2J39yTI32LRhCmApFZWcq7tWtDm4OjSgIrc/mdBhMgWgMZjL Iif19JpqeQ4KeETZfyzpd/colV2GvdQRzVJIRCIeQ3nP11RauVDOu0dIlub/yLKhSK5u KQNXJn0j1yRl2mFdClhzZZKdTHArxDql+7YpBLmXci4OSGd8zYu5zLS86ojj29m/zdn+ mArnRzA6YkPov93c6TRPHYPdAL1SiCcMR0Z5l+B7qCWPwn8bJckCMb3jK+1SIIPZzYFC qUzQ== |
| X-Gm-Message-State | ALoCoQnQgZdzc+aE7DLJEwWzbxkkOhIs58jShhxlh5oohBt6LgVBKwpF+P/9AZ+UAzplDP9EJgOyaSLeNuojs887IrXQH0t9Rw== |
| X-Received | by 10.50.77.81 with SMTP id q17mr1843300igw.93.1452730701701; Wed, 13 Jan 2016 16:18:21 -0800 (PST) |
| In-Reply-To | <CAPTjJmqk29dLRfdXBiBAJx5ZsvRNHQesNEciw1h93+rJ7b9o3g@mail.gmail.com> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.20+ |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Xref | csiph.com comp.lang.python:101642 |
Show key headers only | View raw
On Wed, Jan 13, 2016 at 3:19 AM, Chris Angelico <rosuav@gmail.com> wrote: > You're quite probably right that obfuscating the display is security > theatre; but it's the security theatre that people are expecting. If > you're about to enter your credit card details into a web form, does > it really matter whether or not the form itself was downloaded over an > encrypted link? But people are used to "look for the padlock", which > means that NOT having the padlock will bother people. If you ask for a > password and it gets displayed, people will wonder if they're entering > it in the right place. I realize that I'm taking this thread off-topic, but yes it's important that the form itself be downloaded over a secure connection. If I can MitM the form response over an insecure connection, then I can also MitM the form itself. And if I can do that, then I can deliver exactly the form you were expecting, but with an added script that will read your credit card number as you type it and then fire it off to be stored on my server before you've even hit the Submit button.
Back to comp.lang.python | Previous | Next — Next in thread | Find similar | Unroll thread
Re: [Python-ideas] Password masking for getpass.getpass Ian Kelly <ian.g.kelly@gmail.com> - 2016-01-13 17:17 -0700 Re: [Python-ideas] Password masking for getpass.getpass Steven D'Aprano <steve@pearwood.info> - 2016-01-14 11:33 +1100
csiph-web