[cap-talk] Rich Sharing and Clusterken videos come to YouTube
bruant.d at gmail.com
Sun Mar 18 12:57:23 PDT 2012
On 15/03/2012 00:53, Marc Stiegler wrote:
> Second is Webkeys or Passwords: Which is More Secure?
I'd like to take a minute to extend on how current browsers are hostile
to webkeys besides the bookmark hovering shown in the video.
First, there is the URL bar. Indeed, it just shows the URL, which is
annoying when you wish the URL to be kept secret. If the secret is kept
location.hash = "yo"
If the secret is not kept in the fragment, the recent History API can
support is good, assuming you can tell IE6-9 users to go away :-)
A second browser annoyance regarding webkeys is the Referer HTTP header.
The problem is that if the secret is somewhere else than at the fragment
part, it will be sent along with any HTTP request to any server.
The referer header has bitten a lot of people and there is some
discussion of a feature limiting the Referer header sent along
with a request. I think it's implemented on Webkit but not shipped in
browsers yet. Firefox is in the process of implementing it.
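
Added example, not part of the original message: a JavaScript sketch of the two points above, showing which part of a webkey URL reaches other servers through the Referer header and how the History API can take the secret out of the URL bar once the page has read it. The function names, the `key` parameter name, the `example.test` URLs and the key value are constructed for illustration, and `refererFor` assumes no Referer-limiting feature is in effect.

```javascript
// Value a browser sends as Referer for requests made from pageUrl:
// the page URL with the fragment and any userinfo stripped.
function refererFor(pageUrl) {
  const u = new URL(pageUrl);
  u.hash = '';
  u.username = '';
  u.password = '';
  return u.href;
}

// True when the secret would be disclosed to whichever server receives
// a request (image, script, followed link) issued from pageUrl.
function leaksViaReferer(pageUrl, secret) {
  return refererFor(pageUrl).includes(secret);
}

// Read the webkey, then rewrite the current history entry so the secret
// is no longer shown in the URL bar. `win` is `window` in a browser; any
// object with location.href and history.replaceState works (hypothetical
// parameter so the logic can be exercised outside a browser).
function takeWebkeyFromUrl(win, paramName) {
  const u = new URL(win.location.href);
  let key = null;
  if (u.hash.length > 1) {
    // Secret kept in the fragment: never sent in Referer, still visible.
    key = u.hash.slice(1);
    u.hash = '';
  } else if (u.searchParams.has(paramName)) {
    // Secret kept in the query: visible and sent in Referer until removed.
    key = u.searchParams.get(paramName);
    u.searchParams.delete(paramName);
  }
  if (key !== null) {
    // replaceState changes the displayed URL without a reload and without
    // adding a history entry that still contains the secret.
    win.history.replaceState(null, '', u.href);
  }
  return key;
}

// Constructed sample URLs (not real webkeys).
const SAMPLE_KEY = 'k3y-constructed-123';
const IN_FRAGMENT = 'https://files.example.test/doc/#' + SAMPLE_KEY;
const IN_QUERY = 'https://files.example.test/doc/?key=' + SAMPLE_KEY;
```

Subresource requests issued before `takeWebkeyFromUrl` runs still carry the original URL as Referer, so a key held in the query has to be removed before the page loads anything from another origin.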