Parse = Paste On Nov 12, 2012 5:12 PM, "noonie" <[email protected]> wrote:
> Mike, > > Not being able to parse at all would be preferable :-P > > -- > Regards, > noonie > On Nov 12, 2012 11:27 AM, "mike smith" <[email protected]> wrote: > >> I'd suspect that their fix would be to prevent it working even with >> ctrl-v >> >> Having a password in the clipboard is not that secure. There are a few >> clipboard stack / savers that cache this to disk. >> >> On Fri, Nov 9, 2012 at 2:55 PM, noonie <[email protected]> wrote: >> >>> I haven't downloaded Windows 8 yet and can't check this on IE 10. If >>> anyone has IE 10 and can check if it also has this problem I might be able >>> to file a bug report on the IE 10 feedback site and include the information >>> that it applies to IE 8 & 9 too. >>> >>> I suspect that this is actually a Windows 7 issue, underneath, and may >>> not surface on Windows 8 at all. >>> >>> -- >>> Regards, >>> noonie >>> >>> >>> On 9 November 2012 10:43, noonie <[email protected]> wrote: >>> >>>> Thanks Wallace, >>>> >>>> I don't think it's a feature as the user would be prevented from >>>> pasting in the first place. Here the user is only allowed to paste >>>> successfully when they make the correct magic incantation! >>>> >>>> -- >>>> Regards, >>>> noonie >>>> >>>> >>>> On 9 November 2012 10:19, Wallace Turner <[email protected]>wrote: >>>> >>>>> Without knowing anything about it, I suspect that is rated as a >>>>> 'feature' and not a fault... >>>>> >>>>> similar thing occurs for remote desktop whereby you cant cut/paste the >>>>> password in (this is bypassed by using mRemote) >>>>> >>>>> >>>>> >>>>> On 9/11/2012 5:29 AM, noonie wrote: >>>>> >>>>>> Greetings, >>>>>> >>>>>> We've come across an annoying bug that appears to be in Internet >>>>>> Explorer 8 & 9 on Windows 7. If a user accesses a web site that uses >>>>>> basic >>>>>> auth and they copy their login and or password into the Windows Security >>>>>> dialog, then paste the value using their right mouse button, the >>>>>> authentication fails. >>>>>> >>>>>> Checking the headers reveals that, depending on what was pasted >>>>>> (either login or password), the basic auth header is either missing, >>>>>> incomplete or corrupted. Interestingly if Ctl-V is used for the paste >>>>>> then >>>>>> everything's fine. >>>>>> >>>>>> I can find very little information about this online. Although there >>>>>> is a discussion at http://social.technet.** >>>>>> microsoft.com/Forums/en-US/**w7itprosecurity/thread/** >>>>>> 80f59d82-84ca-4d87-93d4-**dacc61f46a3f/<http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/80f59d82-84ca-4d87-93d4-dacc61f46a3f/>there's >>>>>> no indication that this has been acknowledged as a bug by Microsoft >>>>>> or that they're doing anything about it. >>>>>> >>>>>> Has anyone stumbled across this or knows more from a Microsoft >>>>>> perspective? >>>>>> >>>>>> I've also had a report from one user that this is also a problem when >>>>>> using Windows Explorer to access a protected share but I've yet to >>>>>> confirm >>>>>> this for myself. >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> noonie >>>>>> >>>>>> P.S. As to why would a user would copy and past their password... >>>>>> probably because we force them to use complex un-rememberable passwords >>>>>> :-( >>>>>> >>>>>> >>>>> >>>> >>> >> >> >> -- >> Meski >> >> http://courteous.ly/aAOZcv >> >> "Going to Starbucks for coffee is like going to prison for sex. Sure, >> you'll get it, but it's going to be rough" - Adam Hills >> >>
