Peter Poeml schrieb:
On Fri, Jul 25, 2008 at 07:28:18AM +0200, Adrian Schröter wrote:
I have two suggestions for improvement that should be easy to implement besides the general redesign:
- Put the input fields for the login credentials directly on the front page, in place of the "Login" part of the current combind "Register | Login" link. For security reasons, the credentials are not handled by the same server. Actually, the server rendering build.o.o does never see the password. Therefore it would be not really easy/possible in secure way to implement
Am Donnerstag 24 Juli 2008 18:02:35 schrieb Reinhard Max: this.
I fail to see how this matters. The one that sends the password is always the client. If it gets the form from build.opensuse.org is irrelevant. Getting the form from there is as secure, as clicking on the tiny link in the top right corner is "securely" leading to the right login form on some ichain server.
This is a big misunderstanding of "secure", if you ask me.
Or what do I miss? :-)
Neither build.opensuse.org nor api.opensuse.org ever get in touch with the password, it is handled by the ichain proxy. This means even if some evil person manages to infect the api/build source or the api/build server gets hacked, no passwords can be sniffed/retrieved. Andreas
To unsubscribe, e-mail: firstname.lastname@example.org For additional commands, e-mail: email@example.com