Fixing one web browser is easier than fixing all web sites.
Why is the server-side fix not sufficient?
Posted Dec 2, 2006 1:55 UTC (Sat) by gerv (subscriber, #3376)
Posted Dec 2, 2006 10:50 UTC (Sat) by walles (guest, #954)
I still think fixing one web browser sounds easier than fixing "a small number of major sites" and "most smaller sites".
Posted Dec 3, 2006 2:01 UTC (Sun) by gerv (subscriber, #3376)
In the same way they upgrade to get any other security fix?
"And make sure nobody ever develops a new CMS with this problem?"
How do you plan to make sure nobody ever develops a new web browser with this problem?
Posted Dec 5, 2006 10:56 UTC (Tue) by walles (guest, #954)
I don't care if somebody develops a new web browser with this problem, since that wouldn't affect me.
As long as *I* keep using Firefox, I only care about getting Firefox fixed. If somebody else uses some other browser, it's up to them to worry about that browser's security issues.
Posted Dec 7, 2006 0:40 UTC (Thu) by gerv (subscriber, #3376)
Then they have bigger problems than input type="password". You worry about your password getting out; if they get hacked, every bit of information you've given them gets out, not just your password.
Either sort of fix would require security updates from someone. The server-side fix doesn't reduce the functionality of a useful browser feature; the client-side fix would.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds