W3C home > Mailing lists > Public > www-html@w3.org > November 2002

Re: Idea for securityfix in HTML

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Sat, 16 Nov 2002 06:11:38 -0500
Message-Id: <200211161111.GAA23760@no-knife.mit.edu>
To: "Xatr0z" <xatr0z@users.sourceforge.net>
cc: www-forms@w3.org, www-html@w3.org, www-html-editor@w3.org 

> Yes, you're right, but if we take an MD5 hash instead of the plain password,
> the data would be saver.

Like I said, you get a misleading illusion of safety for both parties.
In reality, neither is more secure, and is hence more vulnerable (same
level of actual security, but more likely to do stupid things due to the
perception of security).

Boris
-- 
Ninety-Ninety Rule of Project Schedules:

The first ninety percent of the task takes ninety
percent of the time, and the last ten percent takes the
other ninety percent.
Received on Saturday, 16 November 2002 06:11:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:49:29 GMT