Fwd: Is there any reason not to enable proxy-autologin by default?

Manish Goregaokar manishsmail at gmail.com
Tue Sep 10 08:58:21 UTC 2013


Oops, I meant to send that to everyone. Forwarding.

-Manish Goregaokar


On Tue, Sep 10, 2013 at 2:26 PM, Gervase Markham <gerv at mozilla.org> wrote:

> On 09/09/13 21:03, Manish Goregaokar wrote:
> > Can't they do that anyway? MITM attacks on the proxy password are
> > already possible if you're behind an HTTP proxy.
> >
> > There's no way to notice (from within FF) that an MITM is going on, so
> > in both cases (autologin or no autologin) the user will log in.
>
> [Did you mean to send this only to me?]
>
> mozilla.dev.security is probably the right place for this conversation.
> I think you tried to send your original message there as well as
> firefox-dev, but you used an incorrect email address.
>
> https://www.mozilla.org/about/forums/#dev-security
>
> Gerv
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/firefox-dev/attachments/20130910/0ebcac3d/attachment.html>


More information about the firefox-dev mailing list