So a an appropriate warning in a <noscript> region on the login page would be simple and efficient.
Beste Grüsse, -Marcel Waldvogel Am 25.11.2012 um 23:22 schrieb Michael <[email protected]>: > While I agree that Javascript and cookies should be required, it should not > silently fail if a person doesn't have either of them enabled. Some kind of > error is always appreciated here. > Mike > > On Sun, Nov 25, 2012 at 4:13 PM, Simon Brereton <[email protected]> > wrote: > Yes - for this one site. Which I'd trust. But short of using owncloud in a > separate browser I'm forced to accept ask session cookies just to accommodate > the few I can trust. > > Ditto the Javascript. > > Simon > > On Nov 25, 2012 4:46 PM, "Frank Karlitschek" <[email protected]> wrote: > > > > > > On 25.11.2012, at 22:24, Simon Brereton <[email protected]> wrote: > > > > > Do you have a link for that assertion? > > > > > > http://arstechnica.com/security/2012/10/firefox-16-vulnerability-attack-code-available-online/ > > > > > > It would seem to me that Javascript is still an issue. > > > > That was a Firefox bug that is already fixed. > > > > > > > Cookies may not present a security issue, but a privacy one, and unless > > > you're prepared to undergo a lot of effort allowing them on a per-site > > > basis is a lot of work most people baulk at. > > > > ownCloud is using only session cookies that are automatically removed when > > you close your browser and they are only send to ownCloud server. No > > privacy problem here. > > > > Frank > > > > > > > The more software on the internet works without cookies and without > > > Javascript the safer the world is in general. > > > > > > Simon > > > > > > On Nov 25, 2012 12:11 PM, "Frank Karlitschek" <[email protected]> wrote: > > > > > > > > Hi Mikko, > > > > > > > > thanks for thew bug report. > > > > Unfortunately we don´t plan to support browsers without support for > > > > cookies and javascript at the moment. > > > > This would restrict our possibilities in the web interface > > > > significantly and would lead to a second completely different interface. > > > > > > > > (Session)-Cookies and javascript aren´t considered harmful or insecure > > > > nowadays. Most security people even think that having the session ID in > > > > the url is less secure than in a session cookie. > > > > > > > > Why do you think this is a problem? > > > > > > > > The problem with ogg files is a known limitation at the moment. I hope > > > > someone improves this in the future. > > > > > > > > > > > > Frank > > > > > > > > > > > > > > > > On 25.11.2012, at 17:23, Mikko V. Viinamäki > > > > <[email protected]> wrote: > > > > > > > > > Hi! > > > > > > > > > > Since I don't have a github account... I noticed the web interface > > > > > fails silently in case you don't allow cookies and same if you don't > > > > > allow JavaScript. Also, this .ogg file was not added onto the music > > > > > tab in the interface > > > > > http://commons.wikimedia.org/wiki/File:BedBugs%26SaltyDog.ogg I > > > > > wonder why? > > > > > > > > > > Besides that, owncloud's looking pretty slick! > > > > > > > > > > Mikko > > > > > _______________________________________________ > > > > > Owncloud mailing list > > > > > [email protected] > > > > > https://mail.kde.org/mailman/listinfo/owncloud > > > > > > > > _______________________________________________ > > > > Owncloud mailing list > > > > [email protected] > > > > https://mail.kde.org/mailman/listinfo/owncloud > > > > _______________________________________________ > Owncloud mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/owncloud > > > _______________________________________________ > Owncloud mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/owncloud
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
