Package: gringotts
Version: 1.2.8+1.2.9pre1-7
Severity: normal

Gringotts leaves your information out in plain sight, so that anyone walking by can see it and read it off your screen. This is a real security risk, especially for high-value information like bank account passwords.

I'd suggest several fixes:

1) Only display the secure text when the mouse is over the Gringotts window. When the mouse isn't over the window, I'd suggest replacing it with an image saying "MOUSE HERE TO READ". Alternatively, when the mouse is off, I'd replace all the letters in the text with rectangular boxes. That'd give the owner some visual cue which entry he/she is looking at, while not revealing much information to unwanted onlookers. I'd leave the titles readable.

2) Put a configurable time-out on the secure text. After (by default) 60 seconds, the main Gringotts text area would be blanked. It would unblank on a mouse-over or click event.

3) Put a configurable time-out on Gringotts overall. After (by default) 30 minutes, if no changes have been made, Gringotts will shut down.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages gringotts depends on:
ii  libatk1.0-0    1.10.1-2       The ATK accessibility toolkit
ii  libc6          2.3.2.ds1-22   GNU C Library: Shared libraries an
ii  libglib2.0-0   2.6.5-1        The GLib library of C routines
ii  libgringotts1  1.2.1-7        encapsulate data in an encrypted a
ii  libgtk2.0-0    2.6.8-1        The GTK+ graphical user interface
ii  libmudflap0    4.0.1-2        GCC mudflap shared support librari
ii  libpango1.0-0  1.8.2-1        Layout and rendering of internatio
ii  libpopt0       1.7-5          lib for parsing cmdline parameters

gringotts recommends no packages.

-- no debconf information
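The three fixes proposed in this report, sketched as toolkit-independent C. This is an added example, not Gringotts code: `privacy_guard`, the `guard_*` functions and `mask_text` are hypothetical names, and timestamps are assumed to be seconds from a monotonic clock.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Defaults from the report: blank after 60 s, shut down after 30 min idle. */
enum { BLANK_AFTER_S = 60, QUIT_AFTER_S = 30 * 60 };
typedef enum { VIEW_CLEAR, VIEW_MASKED, VIEW_QUIT } view_state;

typedef struct {
    bool pointer_inside; /* fix 1: reveal only while the mouse is over the window */
    long last_reveal;    /* fix 2: time of the last mouse-over or click */
    long last_change;    /* fix 3: time of the last edit */
} privacy_guard;

void guard_init(privacy_guard *g, long now) {
    *g = (privacy_guard){ false, now, now };
}

/* The pointer entering the window, or a click inside it, restarts the 60 s window. */
void guard_pointer(privacy_guard *g, bool inside, long now) {
    g->pointer_inside = inside;
    if (inside) g->last_reveal = now;
}
void guard_edit(privacy_guard *g, long now) { g->last_change = now; }

/* What the text area should show at time `now`. */
view_state guard_state(const privacy_guard *g, long now) {
    if (now - g->last_change >= QUIT_AFTER_S) return VIEW_QUIT;
    if (!g->pointer_inside || now - g->last_reveal >= BLANK_AFTER_S) return VIEW_MASKED;
    return VIEW_CLEAR;
}

/* Mask a display copy in place: one '#' per character, whitespace kept. Returns new length. */
size_t mask_text(char *s) {
    size_t out = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if ((c & 0xC0) == 0x80) continue; /* UTF-8 continuation byte: no extra box */
        s[out++] = (c == ' ' || c == '\t' || c == '\n') ? (char)c : '#';
    }
    s[out] = '\0';
    return out;
}

int main(void) {
    char body[] = "PIN 4821\nbank pw: s\xC3\xA9same"; /* constructed sample entry */
    mask_text(body);
    return puts(body) == EOF;
}
```

Per-character masking still shows the length of each word, so the length of a password stays visible to an onlooker; a fixed-width mask for secret fields avoids that.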