[Freeipa-devel] [PATCH] 736-740 webui: various minor fixes
Simo Sorce
simo at redhat.com
Mon Aug 25 00:32:13 UTC 2014
On Fri, 2014-08-22 at 14:32 -0500, Endi Sukma Dewata wrote:
>
> If for some reason we decided to generate fingerprints in the UI, in
> my opinion using WebCrypto will not pose any security problem or
> mislead users into a false sense of security because the operation is
> purely informational, it does not do any
> encryption/decryption/validation. Any fingerprint generated on the UI
> side will be discarded anyway, the server will still generate its own
> fingerprints.
It's not (only) the users I am concerned about, mostly the developers.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list