Problems with excessive password prompting
I have resisted using Safari due to many of its features seeming a little half-baked compared to Internet Explorer. My concerns were justified when, two weeks ago, I was quite disgusted to find that after downloading a package for somebody to give to them on a CD, Safari automatically opened the Package Installer and asked me for an admin password to begin installation! This is just ridiculous. Since when has a package been considered 'Safe'?!?
I'm also annoyed that some web pages and a few other applications sometimes force their windows into the foreground. I have almost come to grief a few times when I was in the middle of typing a document while not staring directly at the screen, then looked up to find another program had popped up a window in front of mine. I was actually typing directly into another program without knowing it! Once in fact I typed something then hit 'Return' yet noticed a window disappear just as I looked back up at the screen. I wondered what on earth it was, but it turns out I had clicked 'Accept' to begin installing a printer driver. This is very dangerous! The file system had mounted the image then opened the package without my permission, so pressing 'Return' at any point would begin installation.
In my opinion there is another VERY DANGEROUS security flaw affecting OSX - The heavy reliance on asking for a password for everything, even when performing a seemingly mundane function. Why the heck should I give an unknown source my password? What stops me from making a FAKE window asking me to enter a password, or even cleverly designing a web page with no borders, with an image identical to the usual installer window, then simply recording and emailing the entered password details to somebody else? I then have the user's admin password and can do whatever I want with it.
I remember a time when I had three installers highlighted without realising, and double-clicked which opened all three at once. Three windows opened asking me for an admin password to continue installation. I had NO IDEA which window was related to which installer. If another malicious application had opened at the same time, I could easily have entered my password into it.
While I'm at it: In 10.3 when file sharing asks for a username and password, instead of having a check-box in plain view saying 'Store this password in the keychain' the option is now HIDDEN in the 'Options...' button. Quite often while on-site, I use my laptop as a file server so I can copy large install files/databases/updates etc to a client's computer. I have to log into my computer from theirs, locate it in the Network browser, then enter my username and password. All it takes is for me to forget to un-check that 'Options...' button ONCE, and now my password is stored in the client's keychain for them to see and use as they please. Not good.
David
Mark as Read
|
| |||||||||||||||||||||||||||||||||||||||||||||||
zip.com.au> wrote:
|
![[F]](/Images/i7/site.gif){kind=small}
TidBITS 
TidBITS TidBITS Talk Problems with excessive password prompting
