You mean, if javascript is on in your browser, if the javascript loads to the browser and if it runs correctly in your browser, then your password is still encrypted, right?
Maybe you all could pick one story and stick to it? I don't disagree with the conclusion to suspend SSLv3, but you know, "it's not perfect, but at least it's not being set in cleartext" is a lot more true of supporting SSLv3 despite POODLE than it is of a silently failing javascript in-browser encryption scheme.
Which is it? "Imperfect is better than cleartext" or "Since it's not perfect, better it's in cleartext".
no subject
You mean, if javascript is on in your browser, if the javascript loads to the browser and if it runs correctly in your browser, then your password is still encrypted, right?
Maybe you all could pick one story and stick to it? I don't disagree with the conclusion to suspend SSLv3, but you know, "it's not perfect, but at least it's not being set in cleartext" is a lot more true of supporting SSLv3 despite POODLE than it is of a silently failing javascript in-browser encryption scheme.
Which is it? "Imperfect is better than cleartext" or "Since it's not perfect, better it's in cleartext".