NFN Smith wrote:
[email protected] wrote:
Some of it may be a way of defending against passwords
"remembered" (whether in the browser, as with Mozilla, or in the
way that IE keeps stuff in the Windows registry). Given the
antipathy of some developers towards Mozilla (including the
long-time problem of improper sniffing methodologies, looking
explicitly for "Firefox", rather than "Gecko", and sometimes
causing for Gecko browsers that aren't Firefox), I think there's
some number of developers that aren't really thinking much about
the Mozilla method of handling passwords.
Yeah, I think the concern about letting the browser remember
passwords is more those which don't need the user to enter a master
password to access them. Even if the passwords are encrypted, if
the user doesn't have to enter a password to get at them the
decryption key must be stored somewhere on the system, so is just
as accessible to anyone able to steal the password database.
For me, the key is whether the password is required for access to
something valuable like a bank account (in which case I don't let my
computer store it) or just a nuisance password used by some website that
wants you to prove every time that you're not a robot (in which case I'm
happy to let my computer handle it). If some blog wants me to "login to
comment," whatever; I'm not posting my real name anyway.
--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
