Closed errietta closed 9 years ago
As long as we guard against XSS attacks, I'm not sure storing it in plaintext matters. You could store the password encrypted, and decrypt it, but if the app is vulnerable to XSS, then an attacker could just call the decrypt function. That makes me think about our current support for links. I should triple check one can't abuse that for XSS.
R? @nickdesaulniers
The port number for the server settings should be remembered, and perhaps we can have a checkbox to remember the host password. @nickdesaulniers any way to do that securely?