Security design flaw with "default" x-windows login behaviour

[Dmitriy Kropivnitskiy]

Don't you think it is a little silly complaining about such an issue,
since you set your display manager to automatically login your user
after 60 seconds without asking for a password. So, if someone tries to
access your box, they might try to enter wrong user name and password,
but if they just wait, they would still login as you. I really do not
see this as a security flow, since by enabling the automatic login you
have made your system inherently vulnerable for a person with physical
access to the system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20041119/ba9bd458/attachment.htm