+1, any OP worth its code will use HTTPS when working with passwords or user data.
--David -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ka-Ping Yee Sent: Saturday, January 20, 2007 4:58 PM To: Claus Färber Cc: [email protected] Subject: [security] Passwords in the clear On Sun, 21 Jan 2007, Claus Färber wrote: > Ka-Ping Yee wrote: > > Password entry in chrome. > > If we can get users out of the habit of typing their passwords into > > arbitrary webpages, that'll be a serious blow against phishing. > > It does not matter how the password is entered as long as it sent to > the website in clear. You're talking about a different problem, which we already know how to address -- the login form should use HTTPS instead of HTTP. -- ?!ng _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
