[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Network security manager
From: |
Lars Magne Ingebrigtsen |
Subject: |
Re: Network security manager |
Date: |
Tue, 18 Nov 2014 19:10:23 +0100 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux) |
Thinking about it a bit more, I see one security implication when
downloading images in eww without verifying the certificates.
Let's say you've logged in to https://example.com so you have a login
cookie. Somebody could man-in-the-middle you between when you've loaded
the HTML and when you're loading the images from https://example.com,
and then you will be sending your login cookie to that man who sits
there in the middle.
This is the sort of scenario that Professional Security Professionals
love.
So... failing and leaving a "broken image" icon in the buffer is
probably the safe thing to do. (It's what all other browsers do.)
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- Re: Network security manager, (continued)
- Re: Network security manager, Eli Zaretskii, 2014/11/18
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Message not available
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Re: Network security manager,
Lars Magne Ingebrigtsen <=
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Ted Zlatanov, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Ted Zlatanov, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Ted Zlatanov, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19