Open fennectech opened 6 years ago
The password will still have be transferred through telnet so "hiding" the chars wouldn't make any difference in transfer-security.
There are some 3 byte telnet character codes that essentially say "echo" or "no echo," provided the client is willing to listen. I'll look into using those to address the "over the shoulder" concern. Transporting in plaintext really is the bigger weakness though, as @jakibaki pointed out.
Yeah.
I recomend not displaying the charicters when the user enters their password Its usually done to foil shoulder surfers but with telnet its like making your lock out of paper.