| |||||||||||||
Why is the server-side fix not sufficient?Why is the server-side fix not sufficient?Posted Dec 3, 2006 2:01 UTC (Sun) by gerv (subscriber, #3376)In reply to: Why is the server-side fix not sufficient? by walles Parent article: The Firefox password manager vulnerability
"So how do you intend to get "most smaller sites" to update to CMS without this problem?"
In the same way they upgrade to get any other security fix?
"And make sure nobody ever develops a new CMS with this problem?"
How do you plan to make sure nobody ever develops a new web browser with this problem?
Gerv
(Log in to post comments)
Why is the server-side fix not sufficient? Posted Dec 5, 2006 10:56 UTC (Tue) by walles (guest, #954) [Link] The way "most smaller sites" apply security fixes is "not at all". Since it's my password that gets out that way, this isn't acceptable IMO.
I don't care if somebody develops a new web browser with this problem, since that wouldn't affect me.
As long as *I* keep using Firefox, I only care about getting Firefox fixed. If somebody else uses some other browser, it's up to them to worry about that browser's security issues.
Why is the server-side fix not sufficient? Posted Dec 7, 2006 0:40 UTC (Thu) by gerv (subscriber, #3376) [Link] > The way "most smaller sites" apply security fixes is "not at all".
Then they have bigger problems than input type="password". You worry about your password getting out; if they get hacked, every bit of information you've given them gets out, not just your password.
Either sort of fix would require security updates from someone. The server-side fix doesn't reduce the functionality of a useful browser feature; the client-side fix would.
Gerv
|
|||||||||||||