[prev in list] [next in list] [prev in thread] [next in thread]
List: kfm-devel
Subject: Re: Fwd: That great security problem...
From: Arnt Gulbrandsen <arnt () gulbrandsen ! priv ! no>
Date: 2004-08-09 15:48:20
Message-ID: xssUbR/tpD3aYcg5yYnEBg.md5 () libertango ! oryx ! com
[Download RAW message or body]
George Staikos writes, quoting me:
>> 2. When Konqueror is about to send a password, it should do the MD5,
>> see if that password has been used with a TLS site, and if so,
>> check that that same certificate is valid for the site that will
>> receive the password.
>>
>> In effect, if you log in to your bank with password 54738591 and you
>> later reuse the same password elsewhere, Konqueror should pop up a
>> dialog saying: "Warning: The same password has also been used with
>> <TLS cert owner>, which does not own/secure <web site>. Are you
>> sure you want to use it with <web site>?"
>
> Sounds like a good idea actually. It should go into bugzilla as a
> wishlist, and it should be implemented KIO-wide, not just in KHTML.
But I'm not adding it. There are many things in the world I don't like
doing, and learning another HTML-based "GUI" is definitely one of them.
Arnt
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic