Re: [g-a-devel]role type - "password-text"

From: "Padraig O'Briain" <Padraig Obriain sun com>
To: gnome-accessibility-devel gnome org, anju premachandran wipro com
Cc: mukund rajagopalan wipro com, peter korn sun com, marc mulcahy sun com
Subject: Re: [g-a-devel]role type - "password-text"
Date: Mon, 29 Jul 2002 10:17:38 +0100 (BST)

Anju,

The role password-text is currently set in gail/gailentry.c for a text entry 
field for which entry->visible is FALSE.

The function atk_text_get_text() reports the text actually typed in not what is 
displayed.

I am not sure what the ATs do with this information.

Do you think that this is security bug and that the text for a GtkEntry for 
which visible is FALSE should not report the text actually typed in?

If you do, I would like to get confirmation from Peter Korn and Marc Mulcahy 
that they agree with you.

Padraig


> Hello all,
> 
> I could see a role type called "password-text" in
> atk/atk/atk-enum-types.c.
> I guess this is used for text widgets that take passwords.
> 
> Is this currently used anywhere?
> How does AT handle this ?
> 
> Please give in your valuable suggestions and opinions
> 
> Regards
> Anju
> 
> -------- Original Message --------
> Subject: RE: hi
> Date: Wed, 24 Jul 2002 13:15:29 +0530
> From: "Mukund" <mukund rajagopalan wipro com>
> To: "Anju" <anju premachandran wipro com>
> 
> Anju,
> 
> >
> > There is a role type called "password-text" in
> > atk/atk/atk-enum-types.c.Where is this exactly used?Can it cause any
> > security loopholes?
> >
> 	(1) This would be something to *plug* any security hole. AT-s will have
> to look at this role and act accordingly. AT-s normally 'read-out' the
> text typed for blind users. The fact that you got a distinct role for
> passwords (instead of sharing the role of normal text) means that the
> AT-s will read "StarStarStarStar" when "ABCD" is typed.
> 	(2) The above, if right, means that you got to audit, not only the
> applications that has password-feature in them, but also the AT-s.
> That's because it's not sufficient that the apps set the AtkRole but the
> AT-s respect the roles that are set.
> 
> 	(Disclaimer: All thoughts of mine are a guess and Bill will have to
> confirm but this is a good guess :-)
> 
> Cheers,
> Mukund.
> _______________________________________________
> Gnome-accessibility-devel mailing list
> Gnome-accessibility-devel gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-accessibility-devel

Follow-Ups:
- Re: [g-a-devel]role type - "password-text"
  - From: Bill Haneman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]