[Wine] WineHQ database compromise
Josh Juran
josh at iswifter.net
Tue Oct 11 18:15:48 CDT 2011
On Oct 11, 2011, at 3:54 PM, Conan Kudo (ニール・ゴンパ) wrote:
> 2011/10/11 Josh Juran <josh at iswifter.net>
>
>> To clarify, your browser sends your password to bugzilla in cleartext, since HTTPS isn't an option.
>
> Shouldn't it be possible to modify the login environment so that a salted hash of the password is produced before sending it to the server, to strengthen the security a little bit?
That protects the password itself, but not the privilege it guards.
It also essentially makes Javascript a requirement, which currently it isn't.
Josh
More information about the wine-users
mailing list