- From: Schnabel, Stefan <stefan.schnabel@sap.com>
- Date: Wed, 22 Jun 2016 13:05:47 +0000
- To: James Craig <jcraig@apple.com>
- CC: Marco Zehe <mzehe@mozilla.com>, Richard Schwerdtfeger <richschwer@gmail.com>, Michiel Bijl <michiel@agosto.nl>, ARIA Working Group <public-aria@w3.org>, Ted O'Connor <eoconnor@apple.com>
Well, these threads below http://stackoverflow.com/questions/26394224/is-input-type-password-secure http://security.stackexchange.com/questions/95170/html-input-of-type-text-for-passwords indicate that there are issues with the host language tool, too. Manageable, perhaps, but present. There are even academic articles about that, potentially a bit outdated: http://www.w2spconf.com/2008/papers/s1p2.pdf >From the reading, it seems to me that it is not the host element or the role, but the entire environment is what matters. One can think this gives the entire host vs. native discussion a lower priority. - Stefan -----Original Message----- From: James Craig [mailto:jcraig@apple.com] Sent: Mittwoch, 22. Juni 2016 14:44 To: Schnabel, Stefan <stefan.schnabel@sap.com> Cc: Marco Zehe <mzehe@mozilla.com>; Richard Schwerdtfeger <richschwer@gmail.com>; Michiel Bijl <michiel@agosto.nl>; ARIA Working Group <public-aria@w3.org>; Ted O'Connor <eoconnor@apple.com> Subject: Re: Objection to password role > On Jun 22, 2016, at 5:33 AM, Schnabel, Stefan <stefan.schnabel@sap.com> wrote: > > >>> For all we know, this role could be abused by malicious people in all kinds of ways. > > Hammers, too. I don't think the hammer analogy works here. The concern isn't developers misusing a tool and hurting themselves or their site. The concern is developers using a tool exactly the way it was designed, except that a problem in the tool allows a third party to steal passwords, and everything that is hidden behind those passwords. James
Received on Wednesday, 22 June 2016 13:06:28 UTC