yes there are situations like that but then it could just submit the form
(which would happen anyway) and check the plaintext password like normally
if the other mechanism fails. If people have js turned on it would simply
increase security a little. The crucial part is just the sending of the
password. Since it will not be a SSL url security aware ppl will not use
their high priority passwords anyway. It's just for sites like facebook
where you dont have to do money transactions etc.
Fred Allen - "California is a fine place to live - if you happen to be an
2009/2/17 Jason Pruim <ja...@jasonpruim.com>
> On Feb 16, 2009, at 6:11 AM, German Geek wrote:
> Brilliant. Someone who understood my intentions :) It's not only a good
>> exercise but also useful. Once done in PHP and various JS frameworks, we
>> could port it to other languages. Would suggest to support as many as we
>> because they all have pros and cons. PHP first tho :) . Maybe just good
>> is that paranoid. Sorry if someone here is but i believe if you are scared
>> going to be security holes.
> There are people who aren't in control of the computer they use. Such as
> anyone in a big corporation... The IT department might have decided to turn
> Or Alot of people who use mobile devices that don't have java support.
> All I'm saying is there is a chance that even people who would want to
> leave java on normally might be in situations where they can't have it on.