diff options
| author |  Joey Hess <joey@kitenet.net> | 2014-04-25 16:34:33 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2014-04-25 16:34:33 -0400 |
| commit | 6f7fcedbf15457761ecaf16b915a85a4ccb16b02 (patch) | |
| tree | f996f99cc81f289abdf7084c45aab356406e5f35 /doc/design/assistant | |
| parent | 059fd34965ed23d0efe5cc2713e23c3be77501ae (diff) | |
devblog
Diffstat (limited to 'doc/design/assistant')
| -rw-r--r-- | doc/design/assistant/sshpassword.mdwn | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/design/assistant/sshpassword.mdwn b/doc/design/assistant/sshpassword.mdwn index 6e6526063..00c33ccf8 100644 --- a/doc/design/assistant/sshpassword.mdwn +++ b/doc/design/assistant/sshpassword.mdwn @@ -25,12 +25,12 @@ code to run ssh-askpass. * Maybe force upgrade webapp to https? Locally, the risk would be that root could tcpdump and read password, so not large risk. If webapp - is used remotely, require https. + is being accessed remotely, absolutely: require https. * Use hs-securemem to store password. * Avoid storing password for long. Erase it after webapp setup of remote is complete. Time out after 10 minutes and erase it. -* Prompt using a field name that does not trigger web browser password - saving. +* Prompt using a html field name that does not trigger web browser password + saving if possible. ### ssh-askpass shim, and password forwarding |