Mailinglist Archive: opensuse-buildservice (351 mails)

< Previous Next >
Re: [opensuse-buildservice] OBS Webclient Redesing
  • From: Andreas Bauer <abauer@xxxxxxx>
  • Date: Fri, 25 Jul 2008 13:35:37 +0200
  • Message-id: <4889BA89.1070209@xxxxxxx>
Peter Poeml schrieb:
On Fri, Jul 25, 2008 at 07:28:18AM +0200, Adrian Schröter wrote:
Am Donnerstag 24 Juli 2008 18:02:35 schrieb Reinhard Max:
I have two suggestions for improvement that should be easy to
implement besides the general redesign:

1. Put the input fields for the login credentials directly on the
front page, in place of the "Login" part of the current combind
"Register | Login" link.
For security reasons, the credentials are not handled by the same server. Actually, the server rendering build.o.o does never see the password. Therefore it would be not really easy/possible in secure way to implement this.

I fail to see how this matters. The one that sends the password is
always the client. If it gets the form from build.opensuse.org is
irrelevant. Getting the form from there is as secure, as clicking on the
tiny link in the top right corner is "securely" leading to the right
login form on some ichain server.

This is a big misunderstanding of "secure", if you ask me.

Or what do I miss? :-)

Neither build.opensuse.org nor api.opensuse.org ever get in touch with
the password, it is handled by the ichain proxy. This means even if some
evil person manages to infect the api/build source or the api/build
server gets hacked, no passwords can be sniffed/retrieved.

Andreas

Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >