Path: utzoo!censor!geac!jtsv16!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!bloom-beacon!EXPO.LCS.MIT.EDU!rws
From: rws@EXPO.LCS.MIT.EDU (Bob Scheifler)
Newsgroups: comp.windows.x
Subject: Re: Peeping Toms
Message-ID: <8911101643.AA06040@expire.lcs.mit.edu>
Date: 10 Nov 89 16:43:18 GMT
References: <8911101621.AA06861@cygnus.cray.com>
Organization: The Internet
Lines: 11


    The true
    danger comes when a user performs an action which requires a password
    because peeping_tom will see every keystroke even if the user doesn't.

Where have you been?  There is a "Secure Keyboard" patch to the R3 xterm,
distributed as official patch #2, which can at least be used for most normal
keyboard entry of passwords.  Our R4 server has provision for access control
beyond the default host-based mechanism (you have R4beta, you should give it
a try :-).  It's far from perfect, far from complete, but it's OK for vanilla
environments.