Hacker News
by richard_todd 3754 days ago
Right, if you can watch loopback as a normal user, then the biggest problem is with machine configuration.

After that, assuming the transmission has to happen, it's just a matter of how difficult you want to make it for root to see the passwords. Since you have to arrive at plaintext in the browser itself, everything a determined root needs to decrypt the transmission will be present on the machine anyway. Still, even a simple ROT-13 to keep an honest root from accidentally seeing the password would be welcome.