Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #101643
| Path | csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail |
|---|---|
| From | Chris Angelico <rosuav@gmail.com> |
| Newsgroups | comp.lang.python |
| Subject | Re: [Python-ideas] Password masking for getpass.getpass |
| Date | Thu, 14 Jan 2016 11:27:21 +1100 |
| Lines | 25 |
| Message-ID | <mailman.120.1452731243.13488.python-list@python.org> (permalink) |
| References | <CAC_1O72sKRq_YPCUL3ABQHNZu3Mfsa-V=pvBF_ZUmVn2KJeoZg@mail.gmail.com> <20160113015414.GF10854@ando.pearwood.info> <20160113021746.GA26480@phdru.name> <CAPTjJmry6FBEzcH8rPHbyUSSGadZ+a4ih9mbeeNG1hWx=TioBQ@mail.gmail.com> <20160113100442.GI10854@ando.pearwood.info> <CAPTjJmqk29dLRfdXBiBAJx5ZsvRNHQesNEciw1h93+rJ7b9o3g@mail.gmail.com> <CALwzid=zC+T9SZCrgWGM=R9EH1VDXruCQzfzQXERoPOB+3zOjQ@mail.gmail.com> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=UTF-8 |
| X-Trace | news.uni-berlin.de XHT3B/Y/X+zzXwDYxD2V1w7brYLqDrPhRHr7Pmrt5LwQ== |
| Return-Path | <rosuav@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.009 |
| X-Spam-Evidence | '*H*': 0.98; '*S*': 0.00; 'subject:: [': 0.03; 'received:209.85.223': 0.03; 'subject:Python': 0.05; 'cc:addr :python-list': 0.09; 'stored': 0.10; 'thread': 0.10; 'itself.': 0.11; 'jan': 0.11; 'wed,': 0.15; 'thu,': 0.15; '2016': 0.16; 'cc:name:python': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'received:io': 0.16; 'received:psf.io': 0.16; 'subject:ideas': 0.16; 'wrote:': 0.16; 'subject:] ': 0.19; 'cc:2**0': 0.20; 'cc:addr:python.org': 0.20; 'am,': 0.23; 'downloaded': 0.24; 'header:In-Reply-To:1': 0.24; 'script': 0.25; 'chris': 0.26; 'wonder': 0.27; 'message-id:@mail.gmail.com': 0.27; '14,': 0.27; '13,': 0.29; "i'm": 0.30; 'probably': 0.31; 'realize': 0.32; 'server': 0.34; 'that,': 0.34; 'gets': 0.35; 'received:google.com': 0.35; 'quite': 0.35; 'but': 0.36; 'received:209.85': 0.36; 'form,': 0.36; 'really': 0.37; 'display': 0.37; 'itself': 0.38; 'received:209': 0.38; 'means': 0.39; 'does': 0.39; 'submit': 0.39; 'subject:-': 0.39; 'secure': 0.60; 'your': 0.60; 'yes': 0.62; 'details': 0.62; 'matter': 0.63; 'fire': 0.63; 'card': 0.63; 'encrypted': 0.66; "they're": 0.66; 'connection,': 0.72; 'connection.': 0.76; '"look': 0.84; 'chrisa': 0.84; 'insecure': 0.84; 'subject:skip:g 10': 0.91 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=OwW1/sU0nLzqDqTvfZlLAnr893zdceXpEnvzXFBfG+A=; b=QfmlY2XcxbjZcJmwqcf89DEDgGugjXbrsuv7wSMdyaF+/Q5mY+lIGOAFuwdIBGHagj lHoroyONuSiMPV0VjVP8TyQKnQgfvklCTEf9OhxgzliZ4jwV9d+q9ehoHCILmNmB+uu5 GENGp7cqz2Nb79j1QkWNcH4ZjbMnGkcUkBXUGi6h3xwyJocBWgOFmu4DW0SFLS+wneef 89VUGreELNbPL5pOKe/vvG55CcaR6Vic5eiB5+jI+Aoj0+g6oDQxyvZXE+qCKmTe7lpE oIK2W21Jsac5tJG58Tq5R8hOLkjGwzonr8CfRe/odUOWtzaLb+95ISB5+OiGLZEoF958 zklg== |
| X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=OwW1/sU0nLzqDqTvfZlLAnr893zdceXpEnvzXFBfG+A=; b=GM4wlP2ZO2MBnSvzLHeUYbQmXsPOBizFbcpDU9alym3MJ8g900qfmPatgwZXeTlQYH 4PE9zZ3WMfEKolI2gmrm2e7UZp+MdO0CDrO6+WhWmayDsvvry5bYIM9W4vr81PEzEh0y xddHCC7I9mnN0FYmrf2Pb7JXvfCy53OlvEXfXLQHU7pTRLCgl3Q4hyRHBZCN/8LXqeXi jqFZvB52K1k9uvMjK2HQEe08aYigDuL5q0l0OAcP1x1EbJtmZLsAGd6hG71bCj6Ks00k /czhnVs0qUL629ewPEWPc9+s8BRuxabZVYj88pTI+Ifm4bnNCR5zN08K/ZFdUVire4/t 6eNg== |
| X-Gm-Message-State | ALoCoQnW/dxWcBjdWhUFG7LujTqdH6EI9bMomYnBypVEcjwGixNte67enTIq5DDsMW/FytWtfVrrbb3uuBmlFE/SxGAlSSto+A== |
| X-Received | by 10.107.47.162 with SMTP id v34mr1707478iov.19.1452731241339; Wed, 13 Jan 2016 16:27:21 -0800 (PST) |
| In-Reply-To | <CALwzid=zC+T9SZCrgWGM=R9EH1VDXruCQzfzQXERoPOB+3zOjQ@mail.gmail.com> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.20+ |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Xref | csiph.com comp.lang.python:101643 |
Show key headers only | View raw
On Thu, Jan 14, 2016 at 11:17 AM, Ian Kelly <ian.g.kelly@gmail.com> wrote: > On Wed, Jan 13, 2016 at 3:19 AM, Chris Angelico <rosuav@gmail.com> wrote: >> You're quite probably right that obfuscating the display is security >> theatre; but it's the security theatre that people are expecting. If >> you're about to enter your credit card details into a web form, does >> it really matter whether or not the form itself was downloaded over an >> encrypted link? But people are used to "look for the padlock", which >> means that NOT having the padlock will bother people. If you ask for a >> password and it gets displayed, people will wonder if they're entering >> it in the right place. > > I realize that I'm taking this thread off-topic, but yes it's > important that the form itself be downloaded over a secure connection. > If I can MitM the form response over an insecure connection, then I > can also MitM the form itself. And if I can do that, then I can > deliver exactly the form you were expecting, but with an added script > that will read your credit card number as you type it and then fire it > off to be stored on my server before you've even hit the Submit > button. Noscript FTW. :) ChrisA
Back to comp.lang.python | Previous | Next — Next in thread | Find similar | Unroll thread
Re: [Python-ideas] Password masking for getpass.getpass Chris Angelico <rosuav@gmail.com> - 2016-01-14 11:27 +1100
Re: [Python-ideas] Password masking for getpass.getpass Steven D'Aprano <steve@pearwood.info> - 2016-01-14 11:47 +1100
Re: [Python-ideas] Password masking for getpass.getpass Michael Torrie <torriem@gmail.com> - 2016-01-13 17:59 -0700
Re: [Python-ideas] Password masking for getpass.getpass Marko Rauhamaa <marko@pacujo.net> - 2016-01-14 08:32 +0200
csiph-web