• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
1

P: plug-in SDK password_field can be vulnerable on Windows

Community Beginner ,
Feb 18, 2017 Feb 18, 2017

Copy link to clipboard

Copied

I recently wrote a new plug-in for Lightroom and in doing so initially created a password_field that is taller than one line (height_in_lines = 3 in my case).

On a Mac, that password_field behaves just as it should: the content is obscured by round dots, and it cannot be copied into the clipboard.

On a Windows, though, to my horror a password_field with height_in_lines > 1 turns the field into a regular multi-line edit_field: the content is visible in plain sight, and it can be copied into the clipboard. This is a serious security flaw.

Granted, most password_field boxes are only one line high so perhaps this is an innocent oops, but I was certainly surprised to discover the difference between Mac and Windows.

Another minor nit is that the password_field on Mac can have a placeholder_string, but on Windows that placeholder_string is obscured as hashes. Duh!

Bug Acknowledged
TOPICS
macOS , Windows

Views

85

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
no replies

Have something to add?

Join the conversation