Superbil / tunnelblick

Automatically exported from code.google.com/p/tunnelblick
1 stars 0 forks source link

Allow pasting on username & password field when connecting #178

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Copy any text from notepad/anywhere
2. In Tunnelblick, connect to any password-authenticate connection
3. Try paste the text on either username or password field
   (using either shortcut key or right-click)

What is the expected output?
* able to paste text

What do you see instead?
* paste doesn't work
* the paste option in right-click menu is disabled

What version of Tunnelblick are you using? On what version of OS X?
* Tunnelblick 3.1.7
* Mac OS X 10.6.7

Rationale
* for security reason, some users use a long and strong password generated by 
program like KeePassX
* these passwords can be very long and more practically to be copy&paste, 
instead of manual type in

Original issue reported on code.google.com by art...@gmail.com on 14 Apr 2011 at 6:57

GoogleCodeExporter commented 9 years ago
duplicated with issue #157 (filed as WON'T FIX)

Original comment by art...@gmail.com on 14 Apr 2011 at 10:09

GoogleCodeExporter commented 9 years ago
The changes to implement this have already been made to the source code and 
committed as r1415. It will be included in the next beta release. Both 
command-v and right-click/paste are supported.

The practice of doing a copy/paste of passwords is discouraged for two reasons:

(1) After the copy, the password is available to all programs running on the 
computer until other text is cut or copied. For example, a webpage running 
malicious Javascript, which could then send it anywhere on the Internet.

(2) After the copy, the password is available to anyone else who has physical 
access to the computer until other text is cut or copied. For example, a 
co-worker with access to your computer can paste the password into a document 
and see your password.

I believe that these reasons are why OS X doesn't allow copy/paste in password 
fields.

However, I agree that being able to do this is very useful. And it is safe for 
someone who cuts/copys something else immediately afterward to remove the 
clipboard entry, and who closes all other programs while doing this.

Original comment by jkbull...@gmail.com on 14 Apr 2011 at 10:30

GoogleCodeExporter commented 9 years ago
But on the other hand side, copying passwords from my wallet utility (KeepassX 
in my case) prevents me from keyloggers. And the wallet utility deletes the 
clipboard entry after 10 seconds. Let the users decide if they want to use 
copy/paste or not.

Original comment by dan...@bertolo.ch on 14 Apr 2011 at 3:29