
Why is the server-side fix not sufficient?

Posted Dec 2, 2006 10:50 UTC (Sat) by walles (guest, #954)
In reply to: Why is the server-side fix not sufficient? by gerv
Parent article: The Firefox password manager vulnerability

So how do you intend to get "most smaller sites" to update to a CMS without this problem? And make sure nobody ever develops a new CMS with this problem?

I still think fixing one web browser sounds easier than fixing "a small number of major sites" and "most smaller sites".


Why is the server-side fix not sufficient?

Posted Dec 3, 2006 2:01 UTC (Sun) by gerv (subscriber, #3376)

"So how do you intend to get "most smaller sites" to update to a CMS without this problem?"

In the same way they upgrade to get any other security fix?

"And make sure nobody ever develops a new CMS with this problem?"

How do you plan to make sure nobody ever develops a new web browser with this problem?

Gerv

Why is the server-side fix not sufficient?

Posted Dec 5, 2006 10:56 UTC (Tue) by walles (guest, #954)

The way "most smaller sites" apply security fixes is "not at all". Since it's my password that gets out that way, this isn't acceptable IMO.

I don't care if somebody develops a new web browser with this problem, since that wouldn't affect me.

As long as *I* keep using Firefox, I only care about getting Firefox fixed. If somebody else uses some other browser, it's up to them to worry about that browser's security issues.

Why is the server-side fix not sufficient?

Posted Dec 7, 2006 0:40 UTC (Thu) by gerv (subscriber, #3376)

> The way "most smaller sites" apply security fixes is "not at all".

Then they have bigger problems than input type="password". You worry about your password getting out; if they get hacked, every bit of information you've given them gets out, not just your password.

Either sort of fix would require security updates from someone. The server-side fix doesn't reduce the functionality of a useful browser feature; the client-side fix would.

Gerv

