- From: Dan Poltawski <dan@moodle.com>
- Date: Thu, 2 Oct 2014 00:39:51 +0100
- To: Peter Kasting <pkasting@google.com>
- Cc: Dan Poltawski <dan@moodle.com>, WHATWG <whatwg@lists.whatwg.org>

On 2 October 2014 00:17, Peter Kasting <pkasting@google.com> wrote:
> So, you're doing both of the following?
> * Using a password field for (sometimes) things that aren't passwords

Right. Though it could be 'sensitive information' and needs obscuring, so 'A text field that obscures data entry' seems like the correct element to use.

> * Storing (potentially) sensitive data in the clear yourself, and sending it
> (again, in the clear) to other accounts/machines

The premise of this suggests that this sensitive data belongs only to the user in question, whereas it's actually shared sensitive data, both users need to access it.

> Unless I'm misunderstanding your description of your application, these
> sound like undesirable practices, which are themselves at the root of your
> users' lack of security, and the browsers' behaviors are merely illustrating
> this?

I am intentionally not going into the intricacies of our situation, but I think it's still a common reality that when integrating with other systems you often have to have shared secret data.

Dan

Received on Wednesday, 1 October 2014 23:40:37 UTC