You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Chris Lombardi (JIRA)" <ji...@apache.org> on 2007/06/27 17:49:26 UTC
[jira] Created: (OFBIZ-1106) Passwords in POS are shown in clear
text
Passwords in POS are shown in clear text
----------------------------------------
Key: OFBIZ-1106
URL: https://issues.apache.org/jira/browse/OFBIZ-1106
Project: OFBiz
Issue Type: Improvement
Components: pos
Affects Versions: SVN trunk
Environment: All
Reporter: Chris Lombardi
Priority: Minor
Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Wickersheimer Jeremy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536113 ]
Wickersheimer Jeremy commented on OFBIZ-1106:
---------------------------------------------
Hi Dan,
You have to consider that your average POS operator is probably not a Unix guru, so printing asterisks won't be out of place.
You should also consider that user want feedback for their input, and i guess when using POS with a touch screen such feedback would be even nicer.
I don't see how knowing the length of a PIN number would decrease security (see credit cards). Managing the POS passwords in a secure way should be done by the administrators enforcing a good password policy.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Attachment: input-contents-hidden.patch
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535722 ]
Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------
Either you did not understood me or you did not update the patch. I meant put * in place of char as it's traditionnaly done everywhere to let know the user he has typed a char...
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Attachment: (was: input-contents-hidden.patch)
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (OFBIZ-1106) Passwords in POS are
shown in clear text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535401 ]
d4n edited comment on OFBIZ-1106 at 10/16/07 10:05 PM:
---------------------------------------------------------------
I have attached input-contents-hidden.patch to this issue.
This is a trivial workaround that makes the input area the same color as the background when the password is being input.
This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part. I welcome all comments and criticisms.
was (Author: d4n):
I have attached Input.patch and SecurityEvents.patch files to this issue.
This is a trivial workaround that makes the input area the same color as the background when the password is being input.
This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part. I welcome all comments and criticisms.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Attachment: (was: SecurityEvents.patch)
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Attachment: (was: Input.patch)
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux reassigned OFBIZ-1106:
--------------------------------------
Assignee: Jacques Le Roux
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Chris Lombardi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508595 ]
Chris Lombardi commented on OFBIZ-1106:
---------------------------------------
I don't currently, but I plan on working on it.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Chris Lombardi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535809 ]
Chris Lombardi commented on OFBIZ-1106:
---------------------------------------
This isn't the way I would have done it, but I hadn't thought of it either. IMHO, this patch is a definite improvement. Would it be possible to accept the patch and open a new jira issue to implement it as JLR suggested or with leaving the implementation open but having more crisp requirements?
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Attachment: input-contents-hidden.patch
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535964 ]
Dan Shields commented on OFBIZ-1106:
------------------------------------
Jacques,
I have taken your comments as serious advice to me, and I have noted that you have correctly pointed out that my patch does not follow the design precedent of XUI (you did not exactly say it this way). In my own defense: I had pursued the XUI path the other night but discarded it after estimating the number of changes that would be required in code that I am unfamiliar with (I'm new here). For example, the straightforward refactoring of the Input/XEdit relationship to support substituting a XPassword field at (and only at) the correct time, is potentially a night-mare without a test harness around the existing Input behavior. Maybe this is a good way to do things, maybe not. Someone with more experience with the source in this area may have better comments than me.
I am puzzled when you say that this phenomenon (asterisk-echo) is everywhere. I certainly don't see it everywhere, but I suppose it depends on what sw you are running. It is not present in the login prompts on Linux, BSD or Solaris, though I admit that graphical display managers (gdm, kdm) tend to exhibit this fault. Perhaps the past experiences you have had with software are quite different from mine, as I would expect would be different any other peoples that we compared. I feel that this phenomenon is a recent trend in graphical interfaces, on the web especially because it is built in behavior to the password element of HTML. But this does not say that asterisk-echo is a standard, nor that it is always a good idea.
The bug I have with showing the password is: anyone else may see that you are typing your password, and may have some greater idea of what you are typing. The length of your password as well as pauses that indicate rhythm are noticeable by casual onlookers. This is especially a common problem in a situation where:
a) there are many staff members who would like to gain unrestricted access to the manager account on the POS terminal (the manager account is frequently used for price changes); and
b) the entry of passwords on a keypad restricts the characters used to 0-9, this drastically reduces the range of possible passwords.
In many scenarios the cash boxes contain significant money, so they must be managed in a security conscious way. It matters very little what other software does, it only matters what we do.
I hope I can do better on my next contrib.
Cheers,
Dan Shields
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (OFBIZ-1106) Passwords in POS are
shown in clear text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535401 ]
d4n edited comment on OFBIZ-1106 at 10/16/07 9:34 PM:
--------------------------------------------------------------
I have attached Input.patch and SecurityEvents.patch files to this issue.
This is a trivial workaround that makes the input area the same color as the background when the password is being input.
This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part. I welcome all comments and criticisms.
was (Author: d4n):
This is a trivial workaround that makes the XEdit instance in the input area the same color as the background when the password is being input.
This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part. I welcome all comments and criticisms.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: Input.patch, SecurityEvents.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Comment: was deleted
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch, input-with-password.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12540070 ]
Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------
Dan,
I tried your patch (on release4.0 since POS is unusable in trunk for now : OFBIZ-1385). It works well, good job. Using net.xoetrope.swing.XPassword is really the good idea.
I wil not apply it to release before testing it in trunk (it should work without problem) but please see also the following remark about your patch.
For new file you should not put any specific svn:properties (author for instance) but as you granted your right to Apache foundation you should put the Apache header. Please look into APACHE2_HEADER file in OFBiz root.
In case of doubt please refer to http://docs.ofbiz.org/display/OFBADMIN/OFBiz+Contributors+Best+Practices
Thanks for your work
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch, input-with-password.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Attachment: input-with-password.patch
This patch includes the Apache headers.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch, input-with-password.patch, input-with-password.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Scott Gray (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536114 ]
Scott Gray commented on OFBIZ-1106:
-----------------------------------
+1 for asterisks
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Attachment: input-with-password.patch
Thanks to all who sent me their criticisms and comments.
I finally redid this patch the way it was intended in the first place. It is more satisfying because it allows the full style control over elements that is intended in XUI in the first place (including btw the default use of an echoing character).
The method may appear to be more complicated, but overall I am happier with this approach despite my obvious belly-aching about needing test cases for all these little things before I would touch the code.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch, input-with-password.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (OFBIZ-1106) Passwords in POS are
shown in clear text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12539278 ]
d4n edited comment on OFBIZ-1106 at 10/31/07 9:32 PM:
--------------------------------------------------------------
Thanks to all who sent me their criticisms and comments.
I finally redid this patch (see attachement input-with-password.patch) the way it was intended in the first place. It is more satisfying because it allows the full style control over elements that is intended in XUI in the first place (including btw the default use of an echoing character).
The method may appear to be more complicated, but overall I am happier with this approach despite my obvious belly-aching about needing test cases for all these little things before I would touch the code.
was (Author: d4n):
Thanks to all who sent me their criticisms and comments.
I finally redid this patch the way it was intended in the first place. It is more satisfying because it allows the full style control over elements that is intended in XUI in the first place (including btw the default use of an echoing character).
The method may appear to be more complicated, but overall I am happier with this approach despite my obvious belly-aching about needing test cases for all these little things before I would touch the code.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch, input-with-password.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508591 ]
Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------
Hi Chris,
Do you have a fix for this ? Else I will look at it but I don't know when...
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Chris Lombardi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535813 ]
Chris Lombardi commented on OFBIZ-1106:
---------------------------------------
Upon reading the patch, the code seems more secure than the original description implied - making the passcode the same color as the background, whereas the code actually hides the input object. Adding asterisks for typed keys is a small difference in opinion on implementation and some would say less secure method. This patch definitely satisfies my requirements 100% and doesn't present any security holes that I'm aware of.
I definitely support rolling in this patch. Thanks Dan!
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535779 ]
Dan Shields commented on OFBIZ-1106:
------------------------------------
Hi Jacques, thanks for your comments. This patch is intended to provide a hygienic fix for the issue as stated without adding any feature. An asterisk-echo feature can be added if necessary, but I have not heard this feature called for. I have always assumed that asterisk-echoing software had obvious bugs, but I do not believe it is my call to make this kind of user-interface decision. The plain and simple fact for me is that this problem has been blocking my clients from realizing the full potential of OFBiz for a long time, and it is time that there was some kind of fix in the main distribution. If you find this at all useful, please accept it. Either way, I will have already implemented this patch in my own deployments and I have already moved on to more important tasks.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-1106.
----------------------------------
Resolution: Fixed
Fix Version/s: SVN trunk
Thanks Dan,
Your patch is in trunk revision: 593671
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: SVN trunk
>
> Attachments: input-contents-hidden.patch, input-with-password.patch, input-with-password.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535475 ]
Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------
Hi Dan,
Your patch is good (just reviewed but I guess it works well, really simple), I wonder though if we should not better use the standard **** method ?
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535988 ]
Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------
Thanks for comment Dan,
Actually, I did not criticise your patch (even if you found some advices in my comment ;o). I tried it since then and it's ok to me. The only point was that a new user will not see any chars when typing and may be wondering if the POS is not working or such
I understand and agree about your security concerns. For the password lenght we could enforce the number of characters. There is already something like that in OFBiz (see security.properties). For the number of chars seen on screen (number of * actually) we could use a random factor (x3, x5) when rendering each character.
Maybe your solution is better, it's just that I'm worrying about red herrings ;o)
Any opinion anybody (aleady 2 for, one wondering) ?
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Attachment: input-contents-hidden.patch
Great idea. It does make it even smaller and simpler. I have updated the patch.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch, input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535903 ]
Jacques Le Roux commented on OFBIZ-1106:
----------------------------------------
Dan,
"I have always assumed that asterisk-echoing software had obvious bugs" this is interesting can you elaborate a bit more please ?
Have I missed something about that point ? I see asterisk-echoing evrywhere, and I see an advantage upon your solution : the user know he is typing something.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: input-contents-hidden.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OFBIZ-1106) Passwords in POS are shown in clear
text
Posted by "Dan Shields (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-1106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Shields updated OFBIZ-1106:
-------------------------------
Attachment: SecurityEvents.patch
Input.patch
This is a trivial workaround that makes the XEdit instance in the input area the same color as the background when the password is being input.
This is my first patch submittal to the OFBiz project so there are bound to be many faults on my part. I welcome all comments and criticisms.
> Passwords in POS are shown in clear text
> ----------------------------------------
>
> Key: OFBIZ-1106
> URL: https://issues.apache.org/jira/browse/OFBIZ-1106
> Project: OFBiz
> Issue Type: Improvement
> Components: pos
> Affects Versions: SVN trunk
> Environment: All
> Reporter: Chris Lombardi
> Assignee: Jacques Le Roux
> Priority: Minor
> Attachments: Input.patch, SecurityEvents.patch
>
>
> Passwords entered in the POS are displayed in the clear in the POS input panel.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.