They might be cagey, but they are completely absent in implementation in the storage routines of user credentials for most sites. Moving security to the browser is much easier because there are less browsers than applications. ________________________________ From: Cameron Jones <cmhjones@gmail.com> > The problem with specifying how to encrypt things in a public specification > is that everybody knows how it is done, and therefore all you are doing is > resetting the timer for hackers to figure things out. There should be > something provided by servers that the server knows and trusts. Exactly. There is a reason why security folks are cagey.
Received on Friday, 31 August 2012 14:50:29 UTC