[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [desktop] Real users experience.

On Mon, Oct 28, 2002 at 08:12:13AM -0800, Craig Dickson <crdic@pacbell.net> was heard to say:
> I don't like the security implications of showing all the account names
> and their login status on the login screen, but you can't fault it for
> clarity and ease of use.

  I'm not sure the security implications are that big of a deal, at
least not in at least one common case.

  You need physical access to take advantage of this -- while this is
admittedly less detectable than, say, opening the case and resetting
the CMOS, it does raise the bar considerably over allowing network

  In particular, one of the cases that the desktop people are presumably
interested in is the case of a computer in the home or in an apartment,
which is shared by the residents.  (that's what spawned this thread, in fact)
  In this case, I don't think the security issue is very worrying -- anyone
who could see this information without permission could do any number of
more dastardly things as well.

  -- Daniel, reaching for asbestos underwear..

/-------------------- Daniel Burrows <dburrows@debian.org> -------------------\
|                "Debian developers have many superpowers, but                |
|                 time travel is not one of them."                            |
|                   -- Richard Braakman                                       |
\---- News without the $$ -- National Public Radio -- http://www.npr.org -----/

Reply to: