On Apr 10, 2009, at 12:03 AM, [email protected] wrote: > 1) Does DW have an HTTPS log in page?
We will by open beta launch. (Still haven't gotten the SSL certificate necessary.) > 2) If yes/soon: Suggestion: I would love it if I could drop a > cookie on a browser which changes the behavior of the nav bar > thingies, such that when you look at a DW page while not logged in, > instead of presenting the log in fields, presents a log in link > that takes one to the https page. That is, I would like to be able > to tell DW, "this here browser should not be solicited for > unencrypted log in. Solicit it for encrypted." Just FYI, the nav bar thingies and the unencrypted login page still don't transmit your password in plaintext, even if there's no visible encryption going on, unless you don't have Javascript enabled. The login form uses JS to hash your password first, and only transmits the hash, not the password itself. (LJ does this, too.) Not quite what you were asking for, but still! --D -- Denise Paolucci [email protected] Dreamwidth Studios: Open Source, open expression, open operations. Coming April 30! _______________________________________________ dw-discuss mailing list [email protected] http://lists.dwscoalition.org/cgi-bin/mailman/listinfo/dw-discuss
