Opened 8 years ago
Closed 3 years ago
#1332933 closed Feature Patches (wontfix)
Virtual Keyboard - patch included
| Reported by: | nobody | Owned by: | nobody |
|---|---|---|---|
| Priority: | 5 | Milestone: | later |
| Component: | Other | Version: | None |
| Severity: | minor | Keywords: | |
| Cc: |
Description
Privacy issues. Whilst on holiday etc. you never know if it safe to trust the Internet cafe et al. On SquirrelMail there is a plugin for a virtual keyboard, which on the login page open a popup. The idea is to move the mouse over the keyboard image map, and hover over the character you want for more than two seconds. This then add the character and builds up your password. Very neat, and makes keyboard spyware and cut and paste spyware almost ineffective. Very nice app though.
Change History (9)
comment:1 Changed 7 years ago by nobody
comment:2 Changed 6 years ago by vincent
In response to nobody's post at 12/05/05:
To protect your Roundcube client (or any other webmail client) from being sniffed you should use SSL certificates to protect your credentials. That's how I set it up.
The virtual keyboard will protect you from keyloggers and by setting an onMouseover event it will protect you from 'screenshot-for-every-mouse-click' loggers too. I'm currently working on a virtual keyboard for Roundcube, but I'm quite busy for the upcoming weeks so I can't say anything about when it's finished.
comment:3 Changed 6 years ago by thomasb
- Severity changed from critical to minor
- Status changed from assigned to new
comment:4 Changed 6 years ago by vincent
I've finished development on the Virtual Keyboard but it needs to be integrated with the Roundcube package. You can see a working demo at: <https://webmail.syn-ack.org>. If you can't wait until it nicely integrates with Roundcube (I want the option to enable/disable the keyboard from the config file) you can implement it yourself. The source files are available at <http://www.syn-ack.org>. If you need help implementing please don't hesitate to contact me at rastakid[at]syn-ack[dot]org.
comment:5 Changed 6 years ago by jpingle
This looks very promising, but I did notice one odd thing while using your demo site.
If you click to place your cursor in the password field, it still puts the letters in the username field. I figured out that you had to click the keyboard button next to the field to switch its target, but without a little blurb explaining this I'm not sure how obvious this would be to the average end user. Could it not put the letters into whichever field has the cursor/active focus?
Also, it might help if the keyboard could be hidden by default (this could also be configurable) and then brought up explicitly via a link.
Thanks for the work so far!
comment:6 Changed 6 years ago by vincent
Hi jpingle,
Yes, when an input field has focus, it should be used by the virtual keyboard to send the keys to. It's a little glitch I need to fix, it's as easy as setting a onFocus event handler.
Concerning the keyboard being hidden by default: I want to add the virtual keyboard to the RoundCube configuration so users can choose to enable or disable it. I realize that most users probably won't need the virtual keyboard, but I'm glad that I have it running in my environment: as a student I do access webmail from many different locations (including public university computers).
Thanks for your feedback,
Vincent
comment:7 Changed 5 years ago by seansan
- Milestone set to 0.1.5
- Summary changed from Virtual Keyboard to Virtual Keyboard - patch included
- Type changed from Feature Requests to Patches
Review in 0.1.5 - could be standalone plugin
comment:8 Changed 5 years ago by thomasb
- Milestone changed from 0.1.5 to later
comment:10 Changed 3 years ago by alec
- Resolution changed from None to wontfix
- Status changed from new to closed
This definitely should become a plugin. So, I'm closing it as wontfix.
