11 Oct
2011
11 Oct
'11
11:15 p.m.
On Oct 11, 2011, at 3:54 PM, Conan Kudo (ニール・ゴンパ) wrote:
2011/10/11 Josh Juran josh@iswifter.net
To clarify, your browser sends your password to bugzilla in cleartext, since HTTPS isn't an option.
Shouldn't it be possible to modify the login environment so that a salted hash of the password is produced before sending it to the server, to strengthen the security a little bit?
That protects the password itself, but not the privilege it guards.
It also essentially makes Javascript a requirement, which currently it isn't.
Josh