alierak: (Default)
alierak ([personal profile] alierak) wrote in [site community profile] dw_maintenance 2014-10-15 04:12 pm (UTC)

Oh, shit, was that the PalmPilot? That would explain a lot.

You're right, the fallback to cleartext is definitely worse, making you vulnerable to a passive MITM, where the SSLv3 or javascript methods would only be vulnerable to an active MITM. I could see maybe throwing in a noscript section that tells you the password will be sent in cleartext.

Post a comment in response:

This account has disabled anonymous posting.
(will be screened if not validated)
If you don't have an account you can create one now.
No Subject Icon Selected
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org