Lightroom plug-in SDK password_field can be vulnerable on Windows

  • 1
  • Problem
  • Updated 2 years ago
  • In Progress
  • (Edited)
I recently wrote a new plug-in for Lightroom and in doing so initially created a password_field that is taller than one line (height_in_lines = 3 in my case).

On a Mac, that password_field behaves just as it should: the content is obscured by round dots, and it cannot be copied into the clipboard.

On a Windows, though, to my horror a password_field with height_in_lines > 1 turns the field into a regular multi-line edit_field: the content is visible in plain sight, and it can be copied into the clipboard. This is a serious security flaw.

Granted, most password_field boxes are only one line high so perhaps this is an innocent oops, but I was certainly surprised to discover the difference between Mac and Windows.

Another minor nit is that the password_field on Mac can have a placeholder_string, but on Windows that placeholder_string is obscured as hashes. Duh!
Photo of Tapani Otala

Tapani Otala

  • 13 Posts
  • 3 Reply Likes

Posted 2 years ago

  • 1

Be the first to post a reply!