- From: Peter Kasting <pkasting@google.com>
- Date: Wed, 1 Oct 2014 16:17:34 -0700
- To: Dan Poltawski <dan@moodle.com>
- Cc: WHATWG <whatwg@lists.whatwg.org>
On Wed, Oct 1, 2014 at 4:11 PM, Dan Poltawski <dan@moodle.com> wrote: > The data in those fields are stored in plain text and shared between > multiple teachers (multiple accounts), so when another teacher comes > along - they could access it. There is a scale of severity of the data > in there - from real passwords to external systems to a shared > 'enrolment key' which is a passphrase which might be shared with some > students but not others. So, you're doing both of the following? * Using a password field for (sometimes) things that aren't passwords * Storing (potentially) sensitive data in the clear yourself, and sending it (again, in the clear) to other accounts/machines Unless I'm misunderstanding your description of your application, these sound like undesirable practices, which are themselves at the root of your users' lack of security, and the browsers' behaviors are merely illustrating this? PK
Received on Wednesday, 1 October 2014 23:18:00 UTC