[Mew-dist 1109] clear key input events
Kazu Yamamoto ( 山本和彦 )
Kazu at example.com
1997年 6月 23日 (月) 13:13:32 JST
Dir sirs,
We would like to ask you to implement an interface to clear recent key
events which (recent-keys) returns for security reasons. Some Emacs
applications read user's password on the mini buffer with echo-back
canceled. However, executing (recent-keys) tells the password even if
it was not displayed at input time. This is really insecure.
For convenience, Emacs itself should prepare password-input function
as follows:
(defun read-passwd (prompt)
(let ((pass)
(c 0)
(echo-keystrokes 0)
(ociea cursor-in-echo-area))
(unwind-protect
(progn
(setq cursor-in-echo-area 1)
(while (and (/= c ?\r) (/= c ?\n) (/= c ?\e) (/= c 7)) ;; ^G
(message "%s%s"
prompt
(make-string (length pass) ?.))
(setq c (read-char))
(if (char-equal c ?\C-u)
(setq pass "")
(if (and (/= c ?\b) (/= c ?\177))
(setq pass (concat pass (char-to-string c)))
(if (> (length pass) 0)
(setq pass (substring pass 0 -1))))))
(setq cursor-in-echo-area -1)
)
(setq cursor-in-echo-area ociea)
nil)
(message "")
(sit-for 0)
(substring pass 0 -1)
(*** clear recent key events ***)
))
Thanks,
--Kazu
Mew-dist メーリングリストの案内