[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: Fwd: That great security problem...
From:       Arnt Gulbrandsen <arnt () gulbrandsen ! priv ! no>
Date:       2004-08-09 15:48:20
Message-ID: xssUbR/tpD3aYcg5yYnEBg.md5 () libertango ! oryx ! com
[Download RAW message or body]

George Staikos writes, quoting me:
>>  2. When Konqueror is about to send a password, it should do the MD5, 
>>  see if that password has been used with a TLS site, and if so, 
>>  check that that same certificate is valid for the site that will 
>>  receive the password.
>>
>>  In effect, if you log in to your bank with password 54738591 and you 
>>  later reuse the same password elsewhere, Konqueror should pop up a 
>>  dialog saying: "Warning: The same password has also been used with 
>>  <TLS cert owner>, which does not own/secure <web site>. Are you 
>>  sure you want to use it with <web site>?"
>
>    Sounds like a good idea actually. It should go into bugzilla as a
> wishlist, and it should be implemented KIO-wide, not just in KHTML.

But I'm not adding it. There are many things in the world I don't like 
doing, and learning another HTML-based "GUI" is definitely one of them.

Arnt
[prev in list] [next in list] [prev in thread] [next in thread]