@davewiner So, can the fargo site serving javascript get compromised, and read the HTML password and send it off somewhere? or worse?
-
-
-
@davewiner Doing encryption is site-served javascript is a sketchy proposition. - Show replies
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@ChrisSoyars@davewiner Shouldn't store the password. Once the javascript is compromised, merely opening the page is a vector. Always promptThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@ChrisSoyars@davewiner@koush if you don't have SSL enabled and you auth users you are doing it wrong..Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@ChrisSoyars@davewiner@koush even though SSL is completely broken it will deter the idiot bots and skids -
@benbuchacher@chrissoyars@davewiner Yeah, the dropbox oauth token travels as plaintext during the redirect back to http://fargo.io . - Show replies
New conversation -
-
-
@ChrisSoyars@koush@davewiner well, just because its using SSL it doesn't mean its secure. Still need proper steps for security as well.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.