[sldev] [VIEWER] Authentication

Argent Stonecutter secret.argent at gmail.com
Sat Sep 29 07:01:15 PDT 2007


Hell, this is even likely to promote the use of third-party clients  
that aren't dependent on the splash screen for login.

It creates (as Nicolaz pointed out) a whole new class of exploits
using cross-site scripting. Google's been battling that one for ages.

It means a thumb-drive SL install for locations where you don't want  
to trust the browser is useless.

And it doesn't do anything to protect people from trojanned viewers,  
because it's not the password that needs to be protected... and you  
can't keep the viewer from getting at everything that *does* need to  
be protected.


