[whatwg] Hashing Passwords Client-side

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Mon, 20 Jun 2011 18:38:21 -0400
Message-ID: <BANLkTi=BMk-PZEPCO=ZJoPwJY8E1_U4xSg@mail.gmail.com>

On Mon, Jun 20, 2011 at 4:40 AM, James Graham <jgraham at opera.com> wrote:
> FWIW I disagree. The same argument could be used against client-side form
> validation since some authors might stop doing proper server-side
> validation.

I agree, HTML5 forms provide a minor net security loss.  However, the
loss is fairly small and is easily outweighed by the non-security
advantages.  Here we have a proposal that only has security benefits,
so if it's a net security loss by even a small margin, or even if it's
only a small security gain, it's not worth it.
Received on Monday, 20 June 2011 15:38:21 UTC