
Re: Securing Password Inputs

From: Jason H <scorp1us@yahoo.com>
Date: Fri, 31 Aug 2012 07:49:58 -0700 (PDT)
Message-ID: <1346424598.64898.YahooMailNeo@web120706.mail.ne1.yahoo.com>
To: Cameron Jones <cmhjones@gmail.com>, Arthur Clifford <art@artspad.net>
Cc: "public-html-comments@w3.org" <public-html-comments@w3.org>

They might be cagey, but they are completely absent in implementation in the storage routines of user credentials for most sites.

Moving security to the browser is much easier because there are fewer browsers than applications.

From: Cameron Jones <cmhjones@gmail.com>
> The problem with specifying how to encrypt things in a public specification
> is that everybody knows how it is done, and therefore all you are doing is
> resetting the timer for hackers to figure things out. There should be
> something provided by servers that the server knows and trusts.

Exactly. There is a reason why security folks are cagey.
Received on Friday, 31 August 2012 14:50:29 UTC
