|
 |
On Thu, 11 Jul 2002 00:26:15 +0200, "Thorsten Froehlich" <tho### [at] trf de>
wrote:
> > What is the sense of having password and typing it with ****** when it is not
> > coded within hidden field without any secure connection?
>
> So nobody can see on your screen what you typed. As the connection is never
> secure, transferring it once more over the network doesn't really make it
> less secure.
The difference is that when you type it and you post then it not appear on
your own hard disc (unless autocompletion for forms in IE is on). But when it
is in hidden field it stays in cache of pages. The one of typical users
mistakes is that they use the same password for different purposes. If they
could use this for povray.org it is possible they could use it for something
different. Why to leave doors for less experienced hackers? Of course that's
responsibility of user but otherway there is no sense to make KFKT<MJY765*%$7
as password if it is only for user info at povray.org.
Another question: is it necessary to create login page with my email
recognized with cookies? I have not seen checkbox like "insert email adress
automatically" and since my email is called "private" in registration page I
expect I want it put every time when I log. Especially when it is written
above login form that I have to type email. I you want to recognize me just do
it but don't fill forms automatically, please. If somebody want it then can
use feature in IE.
ABX
Post a reply to this message
|
|
