emacs-devel

Re: Network security manager


From: Lars Magne Ingebrigtsen
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 19:10:23 +0100
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.51 (gnu/linux)

Thinking about it a bit more, I see one security implication when
downloading images in eww without verifying the certificates.

Let's say you've logged in to https://example.com so you have a login
cookie.  Somebody could man-in-the-middle you between when you've loaded
the HTML and when you're loading the images from https://example.com,
and then you will be sending your login cookie to that man who sits
there in the middle.

This is the sort of scenario that Professional Security Professionals
love.

So...  failing and leaving a "broken image" icon in the buffer is
probably the safe thing to do.  (It's what all other browsers do.)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




