Bug 619058 – gnome-screensaver should disable input method in password entry

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 619058 - gnome-screensaver should disable input method in password entry


Summary:	gnome-screensaver should disable input method in password entry


Status:	RESOLVED WONTFIX

Product:	gtk+
Classification:	Platform
Component:	Widget: GtkEntry
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtk-bugs
QA Contact:	gtk-bugs

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-05-19 07:09 UTC by Takao Fujiwara
Modified:	2013-02-04 06:46 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Patch for gnome-screensaver gs-lock-plug.c (3.95 KB, patch) 2010-05-19 07:09 UTC, Takao Fujiwara	none	Details \| Review
Patch for gnome-screensaver gs-lock-plug.c (4.09 KB, patch) 2010-11-17 09:37 UTC, Takao Fujiwara	none	Details \| Review
Patch for gnome-screensaver gs-lock-plug.c (4.09 KB, patch) 2010-11-17 09:41 UTC, Takao Fujiwara	rejected	Details \| Review

Description Takao Fujiwara 2010-05-19 07:09:00 UTC

Currently gnome-screensaver enables input method in invisible gtk-entry.
input method needs to be disabled on password because input method shows preedit text and breaks the security issue.

Setting "gtk-im-context-simple" im module can fix this issue.
I'm attaching the patch.

Comment 1 Takao Fujiwara 2010-05-19 07:09:55 UTC

Created attachment 161408 [details] [review]
Patch for gnome-screensaver gs-lock-plug.c

Attached the patch.

Comment 2 Takao Fujiwara 2010-11-17 09:37:26 UTC

Created attachment 174657 [details] [review]
Patch for gnome-screensaver gs-lock-plug.c

Revised the patch.

Could you review the patch?

Comment 3 Takao Fujiwara 2010-11-17 09:41:19 UTC

Created attachment 174658 [details] [review]
Patch for gnome-screensaver gs-lock-plug.c

Typo is fixed.

Comment 4 Ray Strode [halfline] 2010-11-17 15:24:55 UTC

what if the user needs the input method to enter their password?

Comment 5 Takao Fujiwara 2010-11-18 01:10:48 UTC

(In reply to comment #4)
> what if the user needs the input method to enter their password?

Currently I don't see such a request and we have used ASCII password.
The problem is, when the text visibility is FALSE, the text is invisible but input-method lookup window is visible.
e.g.

Password: [*      ]
         |1. à|
         |2. á|
         |3. â|
         |4. ã|
         +----+

It would become a security issue. You might think it would be good to set invisible for input-method's lookup.
But probably I think it's not useful, e.g. [1. *, 2. *, 3. *, 4. *].

In the current GTK+ implementation, when GtkEntry visibility is set FALSE, GtkIMContext doesn't receive any info.
So I think it's a bit complicated and another story for password entry to support input method.

On the other hand, you know that password entry can work with XKB so you still can switch the keyboard layouts in password and put your characters.

I also think the actual typed chars are not important for users because the chars are not visible and probably I think the key sequence needs to be passed in either input-method on or off.
I think the password is determined by keyboard layout and key sequence.

Comment 6 Ray Strode [halfline] 2010-11-18 17:03:15 UTC

Comment on attachment 174658 [details] [review]
Patch for gnome-screensaver gs-lock-plug.c

Honestly, this patch doesn't seem right to me.

If it's a problem for gnome-screensaver, it's a problem for all gtk entries that have visibility turned off.

Comment 7 Ray Strode [halfline] 2010-11-18 17:03:47 UTC

Reassigning...