Jean-Marc Desperrier wrote:
Well, we don't have the option to change the world, and in practice people just *do* send important login/password on http connections.
But that's insecure no matter what we do with our UI, and we should NOT be doing anything that makes it look more secure.
-Boris _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
