User talk:Csoma

Feel free to add your comments to this page.


Solution to avoid "Phishing" - SSL

SSL auth required for "send password" (FORM)

  • This is an optional, but strongly recommended, feature suggested during install
  • Sending a password with <FORM> (or Javascript.Send) checks if the page is SSL encrypted and will display an error message if there's no valid SSL certificate or if the password is sent in clear text.
  • Will not allow adding "*" to (or changing) the FORM.edit field from Javascript (to avoid spoofing)

This way the user will get a warning when (s)he tries to log in to an unsafe service, like phishing sites. All sites with authentication should have a valid SSL certificate or should be added to the "safe to login" list.

This solution is already in use (SSL, certificates etc.) and needs only a little support from browsers (Firefox); with a correctly installed website (for example, banks) the user does not see any change.

It has the advantage that the user clearly knows when (s)he is using an unsafe website.
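
The submit-time check from the first two bullets, sketched as an added example; it is not Firefox code and not part of the original comment. The names `checkPasswordSubmit`, `certValid` and `safeHosts` are hypothetical, and `certValid` stands in for the verdict a browser's TLS stack would supply.

```javascript
// Added illustration. checkPasswordSubmit, certValid and safeHosts are
// hypothetical names; certValid stands in for the browser's TLS verdict.
function checkPasswordSubmit(form, safeHosts = new Set()) {
  // Only forms that carry a password field are subject to the check.
  if (!form.fields.some((f) => f.type === "password")) {
    return { allow: true, reasons: [] };
  }
  const page = new URL(form.pageUrl);
  // An empty or relative action resolves against the page URL, as in a browser.
  const target = new URL(form.action || "", page);

  // Sites the user added to the "safe to login" list skip the warning.
  if (safeHosts.has(target.host)) {
    return { allow: true, reasons: ["safe-to-login-list"] };
  }
  const reasons = [];
  if (page.protocol !== "https:") reasons.push("page-not-ssl");
  if (target.protocol !== "https:") reasons.push("password-sent-clear-text");
  if (!form.certValid) reasons.push("no-valid-certificate");
  return { allow: reasons.length === 0, reasons };
}

// Constructed sample forms (not taken from any real site).
const loginFields = [{ type: "text" }, { type: "password" }];
const samples = {
  bank: { pageUrl: "https://bank.example/login", action: "/session",
          certValid: true, fields: loginFields },
  plainHttp: { pageUrl: "http://login.example/", action: "",
               certValid: false, fields: loginFields },
  mixed: { pageUrl: "https://shop.example/login",
           action: "http://shop.example/post",
           certValid: true, fields: loginFields },
  badCert: { pageUrl: "https://selfsigned.example/", action: "/auth",
             certValid: false, fields: loginFields },
  search: { pageUrl: "http://search.example/", action: "/q",
            certValid: false, fields: [{ type: "text" }] },
};

for (const [name, form] of Object.entries(samples)) {
  const verdict = checkPasswordSubmit(form);
  console.log(name, verdict.allow ? "allow" : "warn", verdict.reasons.join(","));
}
```

The `mixed` case shows why the form's target has to be checked as well as the page: an SSL page can still post the password in clear text.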