From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from resqmta-ch2-02v.sys.comcast.net (resqmta-ch2-02v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:34]) by hurricane.the-brannons.com (Postfix) with ESMTPS id 6779079046 for ; Thu, 17 Dec 2015 14:13:52 -0800 (PST) Received: from resomta-ch2-17v.sys.comcast.net ([69.252.207.113]) by resqmta-ch2-02v.sys.comcast.net with comcast id umDo1r0022TL4Rh01mDxJG; Thu, 17 Dec 2015 22:13:57 +0000 Received: from eklhad ([IPv6:2601:405:4001:e487:21e:4fff:fec2:a0f1]) by resomta-ch2-17v.sys.comcast.net with comcast id umDx1r00W2MDcd701mDx0V; Thu, 17 Dec 2015 22:13:57 +0000 To: Edbrowse-dev@lists.the-brannons.com From: Karl Dahlke Reply-to: Karl Dahlke References: <20151217134608.GA4216@acer.attlocal.net> User-Agent: edbrowse/3.6.0+ Date: Thu, 17 Dec 2015 17:13:57 -0500 Message-ID: <20151117171357.eklhad@comcast.net> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1450390437; bh=M2V8RUXuHERBtpgeYp/S32c46EnncCeVq43NJY99wgY=; h=Received:Received:To:From:Reply-to:Subject:Date:Message-ID: Mime-Version:Content-Type; b=l5lpruQVI82aAKgSplu04E6WDePXPLWMHn6C2FitkwSQmY/aLoeOFn10qbL4yvizi lVubRWzFtICdhIdH8bGZVcQLQqeuNgo+4heaBDGjweNCec0IqxEPCWvtf49dELNDnY EUZ+tWdcUAEd5EDtc4TljXTO0ntsLQzZEqrj1mRL2eSk9Yw2xJkmNr1GulcXtR8OlU Hn/DQCU0sonoZYljTk15tFgCvFqANn8HccIliW/1yN1rTGf/M9Zelb8PtZpsHBipo6 w1uxu+9BtltBs4+Z1C5JPrCQLa7zE88TRb/Z0noilI+CdYOELXDqW9JQJNbPGtgbm7 Nius9U4E+Slag== Subject: [Edbrowse-dev] masking of passwords X-BeenThere: edbrowse-dev@lists.the-brannons.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Edbrowse Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Dec 2015 22:13:52 -0000 > But what if there was an invisible mode? Well selfishly, I don't have a screen, so I don't care. But seriously... This is really a nontrivial effort. Sure I can suppress echo at the tty, but as soon as you hit return edbrowse prints the line with the password in position. There it is on the screen. Or if you ever reprint that line, there it is again. You can't just replace the text with stars because that very text is passed to our html tree and then to the server upon submit. The only way around this is to keep the text in place but muck with displayLine() so that if the tag is type password then everything between <> is replaced with stars. That could be done but now it's a piece of work at the input level, invisible mode, and the output level, displayLine. The invisible mode would have to supress echo under both cooked tty and readline, and then the same for the windows port, the latter I definitely don't know how to do. Karl Dahlke