[whatwg] Hashing Passwords Client-side

Aryeh Gregor Simetrical+w3c at gmail.com
Mon Jun 20 15:38:21 PDT 2011


On Mon, Jun 20, 2011 at 4:40 AM, James Graham <jgraham at opera.com> wrote:
> FWIW I disagree. The same argument could be used against client-side form
> validation since some authors might stop doing proper server-side
> validation.

I agree, HTML5 forms provide a minor net security loss.  However, the
loss is fairly small and is easily outweighed by the non-security
advantages.  Here we have a proposal that only has security benefits,
so if it's a net security loss by even a small margin, or even if it's
only a small security gain, it's not worth it.



More information about the whatwg mailing list