|
 |
Skiba <abx### [at] babilon org> wrote:
> The difference is that when you type it and you post then it not appear on
> your own hard disc (unless autocompletion for forms in IE is on). But when it
> is in hidden field it stays in cache of pages. The one of typical users
> mistakes is that they use the same password for different purposes. If they
> could use this for povray.org it is possible they could use it for something
> different. Why to leave doors for less experienced hackers? Of course that's
> responsibility of user but otherway there is no sense to make KFKT<MJY765*%$7
> as password if it is only for user info at povray.org.
I think you are really missing the point here. There are numerous services
out there that transmit plain password. The two most popular ones are:
* FTP, that is whenever you log into your web site to upload files, you
transmit that password in clear text!
* POP3 mailboxes, that is at least everybody who uses something else than
webmail or AOL, which ends up being a real lot of people!
I am sure you agree that both contain or may contain for more sensitive
data, yet it hardly is a problem. In fact, the work someone needs to invest
into getting your password just to change you public information or get your
private email address lets this be out of the question. It would simply not
be worth the effort and resources.
This is all different when providing your credit card data online, because
then there is money to be made from the information, but of course
povray.org doesn't ask for it, aned the IRTC CD order page is secure using
SSL as it should be.
> Another question: is it necessary to create login page with my email
> recognized with cookies?
Just turn off cookies or turn off that particular cookie.
> I have not seen checkbox like "insert email adress
> automatically" and since my email is called "private" in registration page I
> expect I want it put every time when I log. Especially when it is written
> above login form that I have to type email. I you want to recognize me just do
> it but don't fill forms automatically, please.
Actually, I spend a lot of time to make the secure. Only you with your
cookie will see the address. Nobody else can. So unless you don't want the
person looking over your shoulder to know your email address, I am afraid I
see no problem but only a convenience. Oh, and keep in mind that each time
you use that email addresses it will go through possibly dozens of servers
were someone can just log it.
> If somebody want it then can
> use feature in IE.
Not everybody uses IE!
In short, it is not more or less secure than the rest of the internet.
Adding SSL would just give people an impression of false security that never
existed in the first place.
Thorsten
____________________________________________________
Thorsten Froehlich, Duisburg, Germany
e-mail: tho### [at] trfde
Visit POV-Ray on the web: http://mac.povray.org
Post a reply to this message
|
|
