[ previous ] [ next ] [ threads ]
 
 From:  Tet Yoon Lee <leety at ihug dot co dot nz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] PPPOE hide password
 Date:  Wed, 30 Jan 2008 20:10:53 +1300
At 07:22 a.m. 29/01/2008, you wrote:
>Just a thought...
>
>But i would say this would give people a false sense of security. The password is stored in clear
text in the config file, so there is no point in obscuring it in the GUI. If someone has access to
the GUI then they can get the password from the config file.

Not that I need such a feature myself but I guess it depends who you're hiding it from. Unless I'm
mistaken the primary reason for such hidden passwords is usually because you never know who's
looking over your shoulder or perhaps you do know and you don't want them to see. Just like in
browsers etc the asterix is useless if someone has access to the computer (if the browser stores the
password or they install a key logger they can easily get any and all passwords). But it does help
protect against people without access you just happen to be passing by... Or if you're showing
someone with limited access how to do something and accidentally click on the WAN tab (yes it's
undoubtedly a bad idea to use a full access account show someone something but you know how silly
people can be...).

Perhaps make a 'hide passwords' option but make it clear when selecting the option it only protects
against prying eyes not people with access to the GUI/firewall?

Cheers