W3C home > Mailing lists > Public > www-style@w3.org > December 2006

Re: [CSS3UI] Concerned about Appearance:Password

From: Octavio Alvarez Piza <alvarezp@alvarezp.ods.org>
Date: Tue, 5 Dec 2006 02:11:40 -0800
To: "Robert Chapin" <w3-list@info-svc.com>
Cc: www-style@w3.org
Message-Id: <20061205021140.e64e3a4d.alvarezp@alvarezp.ods.org>

On Sat, 2 Dec 2006 10:00:36 -0500
"Robert Chapin" <w3-list@info-svc.com> wrote:

> If UAs interpret this property as a display feature for non-password inputs,
> then a phisher could create a quasi-password input under CSS3 that appears
> identical to a legitimate password input.

Or worse, if by any chance (intentional, technical failure or otherwise) the
CSS file never gets to the UA or gets severely delayed, the "trusted"
passwords would be left unprotected to the sight of everybody near that PC.

Octavio.
Received on Tuesday, 5 December 2006 10:12:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:54:47 GMT