Privatize sensitive operations #160

amalloy opened this Issue Oct 13, 2011 · 0 comments


None yet
1 participant

amalloy commented Oct 13, 2011

For example, sending login password or setting email seem to me like they should force https. We could do these in the clear if we used a salt or a nonce or something like that in javascript (not exactly a security expert here), but just using https seems simpler.

I'm happy to be convinced there's a better way that I don't know about.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment