[links-list] Re: Global history and security

José Luis González González jlg80 at mi.madritel.es
Wed Apr 10 08:15:38 PDT 2002


On Wed, Apr 10, 2002 at 02:41:18AM -0400, Miciah Dashiel Butler Masters wrote:
> Should URLs with passwords (ftp://user:password@site/) be saved in the
> global history, in memory or to disk? Should they be displayed in the
> global history dialogue in whole, with the password stripped, or not
> at all? Should URLs with form post data (or any form data) be saved or
> displayed in the dialogue? Should there be options for this, and if so
> then what should they be? Please keep in mind that global history can
> be disabled at compile-time or run-time.

I would suggest, as Zas did, to provide run-time options for users that
default to most secure values. Nevertheless, showing a password on screen
does not seem a good idea for me when browsing the global history.

As of passwords saved to disk, what about the way netscape handles them?
Letting the user to choose obscure/encrypt/do not save. I'm sure the
'obscure' option would be the most appealing for users.
-- 
Unsubscribe: send email to links-list-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message



More information about the links-list mailing list