- From: <bugzilla@jessica.w3.org>
- Date: Fri, 04 Mar 2011 02:14:17 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11912 --- Comment #12 from Aryeh Gregor <Simetrical+w3cbug@gmail.com> 2011-03-04 02:14:16 UTC --- Incidentally, zewt on #whatwg pointed out you can get all the security benefits of your scheme using cookies: <zewt> (AryehGregor: not necessarily useful to that person, but if I really needed that, I'd probably do something along the lines of storing an encrypted password in the cookie with a key on the server, so the server can decrypt it for each request and then throw it away) That way the server still doesn't have to store any credential info that an attacker could profitably compromise. -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Friday, 4 March 2011 02:14:18 UTC