severity 160579 important
thanks

Steve Langasek wrote:
> 160579 amounts to "a user can do stupid things that will expose his
> password, like typing them into the URL bar";

I disagree here because that's not actually the bug: it's documented
that storing your password in a (bookmarked) URL is possible but
insecure, but the actual behaviour is way more insecure: the password is
then kept in the URL, so with every link you click, your password ends up
in other people's referer logs.

That has been addressed upstream in the given patch. It's considered
here (BSP) to be significantly more than a minor issue.


Thijs

