diff options
Diffstat (limited to 'doc/design/assistant')
| -rw-r--r-- | doc/design/assistant/sshpassword.mdwn | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/doc/design/assistant/sshpassword.mdwn b/doc/design/assistant/sshpassword.mdwn index 6e6526063..00c33ccf8 100644 --- a/doc/design/assistant/sshpassword.mdwn +++ b/doc/design/assistant/sshpassword.mdwn @@ -25,12 +25,12 @@ code to run ssh-askpass. * Maybe force upgrade webapp to https? Locally, the risk would be that root could tcpdump and read password, so not large risk. If webapp - is used remotely, require https. + is being accessed remotely, absolutely: require https. * Use hs-securemem to store password. * Avoid storing password for long. Erase it after webapp setup of remote is complete. Time out after 10 minutes and erase it. -* Prompt using a field name that does not trigger web browser password - saving. +* Prompt using a html field name that does not trigger web browser password + saving if possible. ### ssh-askpass shim, and password forwarding |