https://bugzilla.wikimedia.org/show_bug.cgi?id=27060

Bawolff <bawolff...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bawolff...@gmail.com

--- Comment #3 from Bawolff <bawolff...@gmail.com> 2011-02-03 04:23:25 UTC ---
+1 for this being a good idea.

As it stands, I believe the worst case for an XSS vulnerability is to change the
email and steal the account. Requiring a password would help mitigate this.

(Of course, once you have an XSS attack, the user is still pretty screwed
regardless, because you can still use JS to vandalize in the user's name, or
present the user with a very convincing "you need to re-login" screen to steal
their password, etc.)
