Date: Mon, 3 Jul 2017 07:19:27 +0200
From: Dominique Martinet
To: Edbrowse-dev@lists.the-brannons.com
Message-ID: <20170703051927.GA1994@nautica>
Subject: [Edbrowse-dev] Disabling local echo for password fields

Hi all,

(I'm new here, just recently found out about edbrowse and I like the concept)

This discussion started on github, I will write a short recap for people not following github issues:
https://github.com/CMB/edbrowse/pull/29

Basically, I'd like to disable local echo to keep passwords from appearing in plain text, so people in the same room will not be able to glance over my shoulder.
This is consistent with most unix login utilities (initial login, ssh password prompt, etc)

One of the issues that was raised is that I only made the change for HTTP auth, but that leaves many password input fields visible so it is a very incomplete fix.

There are two sides to input fields:
 - the input itself, as things stand, small input fields have to be entered as a full line e.g. i2=mypass, which cannot be easily hidden as we read lines one at a time.
   CMB suggested adding a new input function, for example 'pi' for 'private input', that would prompt for the content of the input box and could be more easily hidden.
   If the extra command is a burden, we could make 'i' work again in browse mode, and decide if there should be local echo based on the input field type=password
 - the input content printed back out when you display the buffer content, e.g. 'p' after entering.
   This text could be starred out, either based on type=password, or if a new command is implemented we could just always display stars whenever that private input command is used (as the user likely would not want the input of these commands printed)

What are others' thoughts on adding such a command?
I like the idea and don't see many downsides, anyone wanting to use i2=pass still can if they want to and it would be appropriate.
It might be slightly more confusing for new users but I think the concept of no-echo is common enough in the unix world, I'm not too sure about windows.

Other points that were addressed:
 - windows users will need a different way to disable echo, I'm not familiar with windows terminal/input window at all, but I understand the need. I will split the linux tcsetattr code in a subfunction that will need a windows equivalent.
 - there is a second patch about adding CURLAUTH_NEGOTIATE back as an option as I would use it, Adam Thompson disabled it back in 2014; waiting for his or anyone's input if it is still useful to keep disabled by default or not.

Thank you for reading,
-- 
Dominique Martinet | Asmadeus
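
The tcsetattr-based no-echo read discussed in the message above, as an added example that is not part of the original post and is not edbrowse's code. The function names `echo_off` and `read_private` are hypothetical; the sketch covers POSIX terminals only and falls back to a normal read when input is not a terminal.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Turn off local echo on fd, saving the old settings in *saved.
 * Returns 0 on success, -1 if fd is not a terminal (pipe, file). */
int echo_off(int fd, struct termios *saved)
{
    struct termios t;
    if (!isatty(fd) || tcgetattr(fd, saved) < 0)
        return -1;
    t = *saved;
    t.c_lflag &= ~(tcflag_t)ECHO;  /* do not show typed characters */
    t.c_lflag |= ECHONL;           /* but still echo the final newline */
    return tcsetattr(fd, TCSAFLUSH, &t);
}

/* Read one line without echo. Falls back to a plain read when the
 * input is not a terminal. Returns the length, or -1 on EOF/error. */
int read_private(FILE *in, char *buf, size_t len)
{
    struct termios saved;
    int fd, hidden;
    char *ok;
    if (!in || !buf || len == 0)
        return -1;
    fd = fileno(in);
    hidden = (echo_off(fd, &saved) == 0);
    ok = fgets(buf, (int)len, in);
    if (hidden)                    /* restore the terminal even on EOF */
        tcsetattr(fd, TCSAFLUSH, &saved);
    if (!ok)
        return -1;
    buf[strcspn(buf, "\n")] = '\0';
    return (int)strlen(buf);
}

int main(void)
{
    char pw[256];
    fputs("Password: ", stderr);
    int n = read_private(stdin, pw, sizeof pw);
    fprintf(stderr, "read %d characters\n", n);
    return n < 0;
}
```

A caller that can be interrupted by a signal while echo is off also needs a handler that restores the saved settings, otherwise the terminal stays silent after the program exits.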