Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.)

Correct. For example, if you used CloudFlare to terminate your SSL traffic,
this measure would prevent CloudFlare from ever seeing your passwords. The
key to decrypt the password (or CC#) can be limited to the absolute minimal
surface area necessary.

On Thu, Oct 16, 2014 at 2:27 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> On Thu, Oct 16, 2014 at 2:22 PM, Ben Maurer <ben.maurer@gmail.com> wrote:
> > It reduces the number of systems which are exposed
> > to the password.
>
> You mean after the password arrives at the server? Because for
> transfer we should advocate TLS.
>
>
> --
> https://annevankesteren.nl/
>

Received on Thursday, 16 October 2014 12:32:27 UTC