Talk:Session Restore: Difference between revisions



--[[User:FrederikVds|FrederikVds]] 15:04, 6 April 2006 (PDT)
=== An opposing view ===
These suggestions seem over-designed, to me.  The same logic would apply to any sensitive information stored on your computer.  What about email addresses in your mail program?  Financial accounting information for your company?  By the same logic, all this should be encrypted too.
One problem with encrypting the information is that it's unrecoverable if you forget the password, or if there's a tiny data error through hardware faults that corrupt a bit.  Nor can you dive in with a text editor and delete the saved URL that's causing your browser to crash.  The session data is a black box, uneditable.  On the design side, I argue that it goes against the Unix philosophy of modular easily-connected components.  If you want encryption, save it to an encrypted file system, or encrypt the files with PGP or something.
IMHO, the file format for the saved session should be XML or even plain text.  The most I'd suggest as far as security would be to avoid storing cookies or form data or passwords.  Let the browser request fresh cookies, and the user re-enter their passwords etc., upon reload.
--[[User:LukeKendall|LukeKendall]] 10:30, 18 July 2006 (EST)
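
An added example, not part of the comment above and not Firefox code: a sketch of the plain-text approach it argues for, where only window index, URL and title are written, and a damaged or hand-deleted line costs one tab instead of the whole session. The field names, the line format and the sample session are assumptions made for illustration.

```javascript
// Added illustration. Field names (windows, tabs, url, title, cookies, formData)
// and the line format are hypothetical, not Firefox's session store format.

// Remove user:password@ from a URL; return null for anything unparsable.
function scrubUrl(raw) {
  try {
    const u = new URL(raw);
    u.username = "";
    u.password = "";
    return u.toString();
  } catch (e) {
    return null;
  }
}

// Allow-list serializer: only window index, URL and title are written, so
// cookies, form data and passwords never reach the file.
function saveSession(session) {
  const lines = ["# window<TAB>url<TAB>title, one tab per line"];
  session.windows.forEach((win, w) => {
    for (const tab of win.tabs) {
      const url = scrubUrl(tab.url);
      if (url === null) continue;
      const title = String(tab.title || "").replace(/[\t\r\n]/g, " ");
      lines.push(`${w}\t${url}\t${title}`);
    }
  });
  return lines.join("\n") + "\n";
}

// Tolerant loader: a damaged or hand-deleted line costs one tab, not the session.
function loadSession(text) {
  const windows = [];
  const skipped = [];
  text.split(/\r?\n/).forEach((line, i) => {
    if (line === "" || line.startsWith("#")) return;
    const [w, rawUrl = "", title = ""] = line.split("\t");
    const url = scrubUrl(rawUrl);
    if (!/^\d+$/.test(w) || url === null) { skipped.push(i + 1); return; }
    const idx = Number(w);
    if (!windows[idx]) windows[idx] = { tabs: [] };
    windows[idx].tabs.push({ url, title });
  });
  return { windows: windows.filter(Boolean), skipped };
}

// Constructed sample session.
const SAMPLE = { windows: [
  { tabs: [{ url: "https://alice:s3cret@mail.example/inbox", title: "Inbox",
             cookies: ["sid=abc"], formData: { body: "draft" } },
           { url: "https://crash.example/loop", title: "Crashy\tpage" }] },
  { tabs: [{ url: "https://docs.example/spec", title: "Spec" }] } ] };
```

`loadSession` reports the line numbers it skipped, so a corrupted entry is visible to the user rather than silently dropped.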


== Restoring after voluntary exit not optional ==
