Hi! On Fri, Sep 12, 2008 at 07:41:05PM +0300, Toni Spets wrote: >Stuart Henderson wrote: >>On 2008-09-12, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >>> To all who opposed the suggestion to send one block of data >>> when the <Enter> key is pressed: my suggestion strictly referred >>> to the login procedure, not to the later data communication. I did >>> not mention this because I thought it was clear from the context >>> of the original poster who >>> has expressively mentioned "passwords". You may want to reconsider the >>suggestion in this light.
>>The initial password is sent as a block (of course that simple case >>was taken care of). The problem OP mentions relates to passwords typed >>within the session e.g. su, sudo, ssh to another host, ... >Wait, how do you know someone is typing a password inside the session >and not just writing a text file or typing arbitrary commands? At least things like getpass() would probably use a terminal mode that's *line* oriented but with echo disabled. Because it's line oriented, you lose nothing (like response to single character input) by sending block-wise on the client's side, not even the echo because that's disabled. That would be ECHO and ECHONL unset and ICANON set in the terminal local flags. (Perhaps one could even "don't care" on ECHONL, because one will send anyway once one reads a newline.) One would have to do erase/werase/kill processing locally, though, i.e. one would have to know the erase/werase/kill characters that would be in force on the remote side to emulate that correctly. Kind regards, Hannah.
