[whatwg] Hashing Passwords Client-side
Aryeh Gregor
Simetrical+w3c at gmail.com
Mon Jun 20 15:38:21 PDT 2011
On Mon, Jun 20, 2011 at 4:40 AM, James Graham <jgraham at opera.com> wrote:
> FWIW I disagree. The same argument could be used against client-side form
> validation since some authors might stop doing proper server-side
> validation.
I agree, HTML5 forms provide a minor net security loss. However, the
loss is fairly small and is easily outweighed by the non-security
advantages. Here we have a proposal that only has security benefits,
so if it's a net security loss by even a small margin, or even if it's
only a small security gain, it's not worth it.
More information about the whatwg
mailing list