[Pidgin] #9205: Pidgin steals focus while typing passwords
Pidgin
trac at pidgin.im
Wed May 20 03:24:53 EDT 2009
#9205: Pidgin steals focus while typing passwords
-------------------+--------------------------------------------------------
Reporter: yohell | Type: defect
Status: new | Component: pidgin (gtk)
Version: 2.5.2 | Keywords: focus steal password security
-------------------+--------------------------------------------------------
I was typing my user account password for network authentication at work
when pidgin suddenly flashed a popup at me. What popup it was we'll never
know because it promptly disappeared. Presumably because I was still
typing and must have hit a key corresponding to one of the buttons in the
dialog. Shortly afterwards, still typing the password, I was again
interrupted by a focus stealing pidging popup asking me to accept the
certificate for login.live.com.
Stealing focus is always annoying, but stealing focus while the user is
typing a password is outright unaceptable.
Pidgin can be configured to not steal focus at least for new messages, but
it should be configurable to never ever steal focus for any reason
whatsoever. Perhaps this should be the default setting for security
reasons. Any life threatening emergencies like updated certificates and
the like should be put on hold until the user finds time to deal with it.
If an event is important enough to bother the user with *right now*, it is
also important enough not to have it flashed by undetected and discarded
because the user is busy typing something else at the time.
I don't know if pidgin has any popups with gtk.Entry() like controls on
them, but afaik they're not guaranteed not to have them. And it is quite
frankly a disturbing thought that an IM program may steal focus with a
popup and capture (part of?) one of my passwords and send it over the
internet (?) once I hit enter.
--
Ticket URL: <http://developer.pidgin.im/ticket/9205>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list