This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
Re: [ak@muc.de] libc/796: getpass() is not usable for high security applications
In dist.glibc, article <909164175.5232@noris.de>,
drepper@cygnus.com (Ulrich Drepper) writes:
>
> This was indeed added for security reasons. I cannot remember the
> details anymore, though.
>
I can think of only one rationale -- force the the user to wait for the
password prompt before typing the passwort.
If you typeahead the password, it will be visible because the tty is in
echo mode. That will allow somebody who looks at your screen to see the
password, which is arguably easier than to watch you type it.
--
Matthias Urlichs | noris network GmbH | smurf@noris.de | ICQ: 20193661
The quote was selected randomly. Really. | http://www.noris.de/~smurf/
--
Fear is the tax that the conscience pays to guilt.
-- Sewell