[Project_owners] Creating applications with Mozilla

Eric Jung grimholtz at yahoo.com
Wed Aug 24 07:36:49 EDT 2005

True about Yahoo, but as I wrote before--if you look at the HTML of
mail.yahoo.com, you will see JavaScript which MD-5 hashes your
password before submitting it over HTTP. This "hides" your password
to snoopers, although it is susecptible to dictionary attacks. Gmail
does use SSL for login; not why you said they don't?

--- Michael Vincent <mv_van_rantwijk at yahoo.com> wrote:

> Eric Jung wrote:
> > --- Michael Vincent <mv_van_rantwijk at yahoo.com> wrote:
> >> Why on earth do you need 'hyper-secure' password for? I mean,
> most
> >> data, 
> >> even passwords, is send in plain text anyway. Most sites, even
> >> banks, 
> >> don't even use SSL for all their pages!
> >>
> > 
> > Maybe the banks in The Netherlands work that way, but not here in
> the
> > US! I used to work for Mellon, a large financial investment
> company
> > in the US. We always used SSL. And all my personal banks use SSL.
> > FYI, yes, there are some sites which send passwords in clear-text
> > (like Yahoo! Mail), but if you look at their source code, you'll
> see
> > they actually hash the password in JavaScript before sending it
> over
> > HTTP. Granted, this isn't ideal because of sites like
> > http://gdataonline.com, but it's better than nothing. Why they
> don't
> > use SSL for login like gmail, I wish I knew. Anyway, I'm quite
> > surprised you've found banks which don't use SSL. I would stay
> away
> > from them!
> Sure all banks use SSL for login sessions, but most forums like 
> MozillaZine and (web)mail and others don't use SSL at all, or not
> on all 
> pages. Just look at Gmail, Yahoo.com, Netscape.net et all ;)
> Michael
> _______________________________________________
> Project_owners mailing list
> Project_owners at mozdev.org
> http://mozdev.org/mailman/listinfo/project_owners

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the Project_owners mailing list