Fwd: Is there any reason not to enable proxy-autologin by default?
manishsmail at gmail.com
Tue Sep 10 08:58:21 UTC 2013
Oops, I meant to send that to everyone. Forwarding.
On Tue, Sep 10, 2013 at 2:26 PM, Gervase Markham <gerv at mozilla.org> wrote:
> On 09/09/13 21:03, Manish Goregaokar wrote:
> > Can't they do that anyway? MITM attacks on the proxy password are
> > already possible if you're behind an HTTP proxy.
> > There's no way to notice (from within FF) that an MITM is going on, so
> > in both cases (autologin or no autologin) the user will log in.
> [Did you mean to send this only to me?]
> mozilla.dev.security is probably the right place for this conversation.
> I think you tried to send your original message there as well as
> firefox-dev, but you used an incorrect email address.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the firefox-dev