Posts: 5,335 | Thanked: 8,187 times | Joined on Mar 2007 @ Pennsylvania, USA
#231
Originally Posted by sirfelix View Post
There is a security issue:
The old site masked your password while typing. This new site exposes it to all.
With which browser & theme? MicroB & the default theme do not reveal my password.
__________________
maemo.org profile
 

The Following 4 Users Say Thank You to sjgadsby For This Useful Post:
ARJWright's Avatar
Posts: 861 | Thanked: 734 times | Joined on Jan 2008 @ Nomadic
#232
Originally Posted by sirfelix View Post
There is a security issue:
The old site masked your password while typing. This new site exposes it to all.
This is a pet peeve of mine...

You are using a handheld device; where is the security risk when you are the only one looking at it?

If anything, you should see what you are typing. It's not like your password is any more encrypted than your user name (it's only validated with javascript). Or maybe I'm missing that the appearance of security is better than the reality.
 

The Following 3 Users Say Thank You to ARJWright For This Useful Post:
fragos's Avatar
Posts: 900 | Thanked: 273 times | Joined on Aug 2008 @ Fresno CA USA
#233
Originally Posted by sirfelix View Post
I don't like the new site. Do you think you can require us to scroll any more? I'll be in China before I get to the bottom of the page.
Have you tried the other themes available at the end of each page? "--Classic Dark" is very similar to the old site.
__________________
George Fragos
Internet Coach & Writer
Maemo Mapper HowTo
Personal Blog -- 3 Joe's Blog


N810 -- 5.2010.33-1
 
Bundyo's Avatar
Posts: 4,708 | Thanked: 4,649 times | Joined on Oct 2007 @ Bulgaria
#234
Originally Posted by ARJWright View Post
If anything, you should see what you are typing. It's not like your password is any more encrypted than your user name (it's only validated with javascript). Or maybe I'm missing that the appearance of security is better than the reality.
Um, what? The passwords are usually held on the server encrypted and checked directly in that form (and not with javascript at all, unless you are talking about AJAX means of transport). Of course there are tools that someone can use to intercept your http stream with, but if the Talk merges with the maemo.org authentication, it will use SSL for communication and the above scenario becomes even more unlikely to happen.
__________________
Technically, there are three determinate states the cat could be in: Alive, Dead, and Bloody Furious.
 
ARJWright's Avatar
Posts: 861 | Thanked: 734 times | Joined on Jan 2008 @ Nomadic
#235
Originally Posted by Bundyo View Post
Um, what? The passwords are usually held on the server encrypted and checked directly in that form (and not with javascript at all, unless you are talking about AJAX means of transport). Of course there are tools that someone can use to intercept your http stream with, but if the Talk merges with the maemo.org authentication, it will use SSL for communication and the above scenario becomes even more unlikely to happen.
Got ya. But speaking from the other side of things...

...user types in a password box and *thinks* it's secure because they cannot see the letters they are typing. On a public terminal, sure. On a personal mobile device, why?
 
Jaffa's Avatar
Posts: 2,535 | Thanked: 6,681 times | Joined on Mar 2008 @ UK
#236
Originally Posted by ARJWright View Post
...user types in a password box and *thinks* it's secure because they cannot see the letters they are typing. On a public terminal, sure. On a personal mobile device, why?
Of course, this isn't something that the website can adequately determine - but it does sound like an enhancement request for the browser.
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
 
Baloo's Avatar
Posts: 276 | Thanked: 160 times | Joined on Jul 2007 @ Bath, UK
#237
Originally Posted by Jaffa View Post
Of course, this isn't something that the website can adequately determine - but it does sound like an enhancement request for the browser.
What about looking at the browser's user agent?
__________________
LinuxUK.org - http://www.linuxuk.org
 
Jaffa's Avatar
Posts: 2,535 | Thanked: 6,681 times | Joined on Mar 2008 @ UK
#238
Originally Posted by Baloo View Post
What about looking at the browser's user agent?
Which browser? What about people who change their UA string?

If there's a case for not hiding them on the device because of the use case, I'd say that's the right place to do it.

Having said that, the browser should be consistent with WEP/WPA key entry etc. And I can see this being one of the low-level things in the hallowed "UI Spec".

Perhaps Greasemonkey would be a better approach?
__________________
Andrew Flegg -- mailto:andrew@bleb.org | http://www.bleb.org
 
Posts: 1,950 | Thanked: 1,174 times | Joined on Jan 2008 @ Seattle, USA
#239
The new forum still needs site-specific Google search like in my sig (first Newbie link). I've posted this request as a bug.
__________________
Help Save This Forum
for N8x0/Diablo Users! Register and Vote for Solution #1 on this Brainstorm. (The Solution will let you see New Posts with any threads you choose -- like the N900 and Maemo5/Fremantle threads -- filtered out.) (To understand the Solution better, see these posts #17, #18, and #19.)
 