| Prev | 14   22     23   24 |
maemo.org - Talk
Page 24 of 24
Show 40 post(s) from this thread on one page

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Community (https://talk.maemo.org/forumdisplay.php?f=16)
-   -   The new talk.maemo.org theme (https://talk.maemo.org/showthread.php?t=28594)

sjgadsby 2009-05-22 22:00
Re: The new talk.maemo.org theme
 
Quote:
Originally Posted by sirfelix (Post 289307)
There is a security issue:
The old site masked your password while typing. This new site exposes it to all.
With which browser & theme? MicroB & the default theme do not reveal my password.

ARJWright 2009-05-25 17:15
Re: The new talk.maemo.org theme
 
Quote:
Originally Posted by sirfelix (Post 289307)
There is a security issue:
The old site masked your password while typing. This new site exposes it to all.
This is a pet peeve of mine...

You are using a handheld device; where is the security risk when you are the only one looking at it?

If anything; you should see what you are typing. Its not like you password is any more encrypted than your user name (its only validated with javascript). Or maybe I'm missing that the appearance of security is better than the reality.

fragos 2009-05-25 17:31
Re: The new talk.maemo.org theme
 
Quote:
Originally Posted by sirfelix (Post 289307)
I don't like the new site. Do you think you can require us to scroll any more? I'll be in China before I get to the bottom of the page.
Have you tried the other themes available at the end of each page. "--Classic Dark" is very similar to the old site.

Bundyo 2009-05-25 18:29
Re: The new talk.maemo.org theme
 
Quote:
Originally Posted by ARJWright (Post 289884)
If anything; you should see what you are typing. Its not like you password is any more encrypted than your user name (its only validated with javascript). Or maybe I'm missing that the appearance of security is better than the reality.
Um, what? The passwords are usually held on the server encrypted and checked directly in that form (and not with javascript at all, unless you are talking about AJAX means of transport). Of course there are tools that someone can use to intercept your http stream with, but if the Talk merges with the maemo.org authentication, it will use SSL for communication and the above scenario becomes even more unlikely to happen.

ARJWright 2009-05-28 14:04
Re: The new talk.maemo.org theme
 
Quote:
Originally Posted by Bundyo (Post 289940)
Um, what? The passwords are usually held on the server encrypted and checked directly in that form (and not with javascript at all, unless you are talking about AJAX means of transport). Of course there are tools that someone can use to intercept your http stream with, but if the Talk merges with the maemo.org authentication, it will use SSL for communication and the above scenario becomes even more unlikely to happen.
Got ya. But speaking from the other side of things...

...user types in a password box and *thinks* its secure because they cannot see the letters they are typing. On a public terminal, sure. On a personal mobile device, why?

Jaffa 2009-05-28 15:15
Re: The new talk.maemo.org theme
 
Quote:
Originally Posted by ARJWright (Post 291453)
...user types in a password box and *thinks* its secure because they cannot see the letters they are typing. On a public terminal, sure. On a personal mobile device, why?
Of course, this isn't something that the website can adequately determine - but it does sound like an enhancement request for the browser.

Baloo 2009-05-28 16:40
Re: The new talk.maemo.org theme
 
Quote:
Originally Posted by Jaffa (Post 291495)
Of course, this isn't something that the website can adequately determine - but it does sound like an enhancement request for the browser.
What about looking at the browsers user agent?

Jaffa 2009-05-28 17:03
Re: The new talk.maemo.org theme
 
Quote:
Originally Posted by Baloo (Post 291538)
What about looking at the browsers user agent?
Which browser? What about people who change their UA string?

If there's a case for not hiding them on the device because of the use case, I'd say that's the right place to do it.

Having said that, the browser should be consistent with WEP/WPA key entry etc. And I can see this being one of the low-level things in the hallowed "UI Spec".

Perhaps Greasemonkey would be a better approach?

GeraldKo 2009-05-28 17:44
Re: The new talk.maemo.org theme
 
The new forum still needs site-specific Google search like in my sig (first Newbie link). I've posted this request as a bug.


| Prev | 14   22     23   24 |
All times are GMT. The time now is 07:08.
Page 24 of 24
Show 40 post(s) from this thread on one page

vBulletin® Version 3.8.8