Fwd: That great security problem...
Arnt Gulbrandsen
arnt at gulbrandsen.priv.no
Mon Aug 9 16:48:20 BST 2004
George Staikos writes, quoting me:
>> 2. When Konqueror is about to send a password, it should do the MD5,
>> see if that password has been used with a TLS site, and if so,
>> check that that same certificate is valid for the site that will
>> receive the password.
>>
>> In effect, if you log in to your bank with password 54738591 and you
>> later reuse the same password elsewhere, Konqueror should pop up a
>> dialog saying: "Warning: The same password has also been used with
>> <TLS cert owner>, which does not own/secure <web site>. Are you
>> sure you want to use it with <web site>?"
>
> Sounds like a good idea actually. It should go into bugzilla as a
> wishlist, and it should be implemented KIO-wide, not just in KHTML.
But I'm not adding it. There are many things in the world I don't like
doing, and learning another HTML-based "GUI" is definitely one of them.
Arnt
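
The check proposed in the quoted text, as an added Python example that is not part of the original message and is not Konqueror or KIO code. The class and function names, the host names and the certificate owner are hypothetical, and it swaps the MD5 named in the message for HMAC-SHA-256 under a per-profile key.

```python
import hashlib
import hmac
import os


def cert_covers(cert_names, host):
    """True if a certificate DNS name matches host; '*' spans exactly one label."""
    host = host.lower().rstrip(".")
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        label, _, parent = host.partition(".")
        if name.startswith("*.") and label and parent == name[2:]:
            return True
    return False


class PasswordReuseGuard:
    """Hypothetical helper: remembers which TLS certificate each password went to."""

    def __init__(self):
        self._key = os.urandom(32)   # per-profile secret (assumption)
        self._seen = {}              # password digest -> [(cert owner, DNS names)]

    def _digest(self, password):
        # Keyed digest instead of the bare MD5 named in the message, so the
        # stored index cannot be brute-forced without the profile key.
        return hmac.new(self._key, password.encode("utf-8"), hashlib.sha256).hexdigest()

    def remember(self, password, cert_owner, cert_names):
        """Call after a password was submitted over TLS to a verified certificate."""
        self._seen.setdefault(self._digest(password), []).append((cert_owner, tuple(cert_names)))

    def check(self, password, host):
        """Return the warnings to show before sending password to host."""
        return [
            f"Warning: The same password has also been used with {owner}, which "
            f"does not own/secure {host}. Are you sure you want to use it with {host}?"
            for owner, names in self._seen.get(self._digest(password), [])
            if not cert_covers(names, host)
        ]


if __name__ == "__main__":
    guard = PasswordReuseGuard()
    # Constructed sample data; the password is the one used in the message.
    guard.remember("54738591", "Example Bank", ["bank.example", "*.bank.example"])
    for site in ("login.bank.example", "forum.example"):
        print(site, guard.check("54738591", site) or "no warning")
```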