Floobits / flootty

A collaborative terminal.
Apache License 2.0
175 stars 25 forks

Don't send input over the wire if terminal echo is disabled #8

Closed (byroot closed 10 years ago)

byroot commented 11 years ago

Hi,

After a quick check it seems that when the terminal echo is disabled (typically used to type passwords) the keystroke is still sent to the server.

It may be a good idea to check terminal echo before sending data.

Regards.

ggreer commented 11 years ago

This is a good idea, but my tty-fu is weak. If you have any suggestions on how best to implement this, I'm all ears.

kans commented 10 years ago

We actually tested this implementation. It turns out that echo is almost always disabled. The shell is responsible for echoing in most cases. The only time we ever found echoing enabled was in cat.

ggreer commented 10 years ago

Update: We've changed flootty so that the owner of a terminal never sends the actual data typed to us. It only sends a "user typed something" event, and only every two seconds at most. This means that passwords are not sent to us. In fact, not even the length of the password is sent.

Of course, anyone joining the terminal has to send the input to us, and we have to forward that data to the terminal owner.

Still, I think this solves the problem in this issue. Closing.
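The echo check proposed at the top of this issue, and the reason kans reports it rarely helps, as an added example (not flootty's code and not written by anyone in this thread). It reads the termios `ECHO` flag through the master side of a pty in three constructed situations; the function names and the situation labels are assumptions, and `ICANON` is reported only to tell the cases apart.

```python
import os
import pty
import termios

LFLAG = 3  # index of c_lflag in the list returned by termios.tcgetattr()


def tty_modes(fd):
    """Return (echo_on, canonical_on) for the terminal behind fd."""
    lflag = termios.tcgetattr(fd)[LFLAG]
    return bool(lflag & termios.ECHO), bool(lflag & termios.ICANON)


def set_lflags(fd, clear_mask):
    """Start from ECHO|ICANON set, then clear clear_mask, as the
    program reading from the terminal would do on its own tty."""
    attrs = termios.tcgetattr(fd)
    attrs[LFLAG] |= termios.ECHO | termios.ICANON
    attrs[LFLAG] &= ~clear_mask
    termios.tcsetattr(fd, termios.TCSANOW, attrs)


# Constructed situations: which local-mode bits the foreground program clears.
SITUATIONS = {
    "cat": 0,                                 # kernel echoes typed input
    "getpass": termios.ECHO,                  # password prompt hides input
    "readline": termios.ECHO | termios.ICANON,  # shell echoes by itself
}


def survey():
    """Map each situation to the (echo_on, canonical_on) a sharing
    tool would observe from the master side of the pty."""
    seen = {}
    for name, clear_mask in SITUATIONS.items():
        master_fd, slave_fd = pty.openpty()
        try:
            set_lflags(slave_fd, clear_mask)
            seen[name] = tty_modes(master_fd)
        finally:
            os.close(slave_fd)
            os.close(master_fd)
    return seen


if __name__ == "__main__":
    for name, (echo, canon) in survey().items():
        print(f"{name:9} ECHO={echo!s:5} ICANON={canon}")
```

`ECHO` is off both for the password prompt and for the line-editing shell, so withholding input whenever echo is off would withhold ordinary shell typing as well.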