[RFC] Javascript password protection

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1731
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [RFC] Javascript password protection

Post by DavidIQ » Sun May 23, 2010 9:05 pm

Maybe as an option during setup. Most sites don't have a valid SSL certificate or don't have one at all so the user would end up on an error page or get some error from the browser stating that the certificate is not valid, both of which would drive potential new users away.
Image

Nelsaidi
Registered User
Posts: 122
Joined: Tue Nov 11, 2008 5:44 pm

Re: [RFC] Javascript password protection

Post by Nelsaidi » Sun May 23, 2010 9:13 pm

And means the many other boards without access to SSL dont benefit from the extra layer of security

User avatar
naderman
Product Manager
Product Manager
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Karlsruhe, Germany
Contact:

Re: [RFC] Javascript password protection

Post by naderman » Mon May 24, 2010 5:34 am

That is entirely unrelated. This proposal is about adding extra protection to passwords sent over http in plaintext. Meaning on sites that do not use SSL.

User avatar
ToonArmy
Registered User
Posts: 335
Joined: Fri Mar 26, 2004 7:31 pm
Location: Bristol, UK
Contact:

Re: [RFC] Javascript password protection

Post by ToonArmy » Sun May 30, 2010 4:01 pm

FeyFre wrote:3. What about CLDC devices? Will they have enough resources to perform encryption? Native browsers of mobile devices, Opera-mini, Fennec, etc etc etc? (For instance: my Nokia6233 native browser can browse phpbb forums on standard styles, and it is JavaScript-enabled, but I not sure it have enough resource to perform complex encryption algorithm).
MicroB, the Maemo browser using Gecko, on my N900 processes a > 20 character password instantaneously.
Chris SmithBlogXMOOhlohArea51WikiNo support via PM/IM
Image

User avatar
FeyFre
Registered User
Posts: 29
Joined: Wed Mar 17, 2010 9:49 pm

Re: [RFC] Javascript password protection

Post by FeyFre » Sun May 30, 2010 8:59 pm

ToonArmy wrote:MicroB, the Maemo browser using Gecko, on my N900 processes a > 20 character password instantaneously.
Maemo is Linux(or Linux based, but it does not matter). If device has enough power(and memory) to run Linux(I do not want start distro-holywar, but Debian is not the best choice for embedded solutions IMHO), then it probably will be enough powerful to run most of crypto algorithms.
(Since I have overheated once my Nokia 6610's CPU using simple SIN function, so I'm not sure I want retry similar experiment on other devices. Bad experience)

It will be perfect, if implementation will be able to autodetect such clients.

Post Reply