Should web developers say no to cookie-based authentication?
Posted Apr 2, 2010 16:09 UTC (Fri) by ghamlin (guest, #57789)
That is the mistake. Form-based login screens should never have become acceptable. There can never be a trusted UI if the password UI is a webpage (even with flash disabled, even with content restriction).
It is just broken. It is a good paper and a very pragmatic one, too. He outlines many half-way approaches one could take.
In a related vein, I think the ECP profile for SAML would be interesting in the browser. I'd like to see that happen. When it does I hope they build in a trusted visual path element.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.