Mailinglist Archive: opensuse-buildservice (351 mails)

< Previous Next >
Re: [opensuse-buildservice] OBS Webclient Redesing
  • From: Peter Poeml <poeml@xxxxxxx>
  • Date: Fri, 25 Jul 2008 12:44:44 +0200
  • Message-id: <20080725104444.GF24015@xxxxxxx>
On Fri, Jul 25, 2008 at 07:28:18AM +0200, Adrian Schröter wrote:
Am Donnerstag 24 Juli 2008 18:02:35 schrieb Reinhard Max:
I have two suggestions for improvement that should be easy to
implement besides the general redesign:

1. Put the input fields for the login credentials directly on the
front page, in place of the "Login" part of the current combind
"Register | Login" link.

For security reasons, the credentials are not handled by the same server.
Actually, the server rendering build.o.o does never see the password.
Therefore it would be not really easy/possible in secure way to implement
this.

I fail to see how this matters. The one that sends the password is
always the client. If it gets the form from build.opensuse.org is
irrelevant. Getting the form from there is as secure, as clicking on the
tiny link in the top right corner is "securely" leading to the right
login form on some ichain server.

This is a big misunderstanding of "secure", if you ask me.

Or what do I miss? :-)

Peter
--
Contact: admin@xxxxxxxxxxxx (a.k.a. ftpadmin@xxxxxxxx)
#opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure

SUSE LINUX Products GmbH
Research & Development
< Previous Next >
Follow Ups