Remember port number and potentially host password

nickdesaulniers / fxos-irc

IRC client for FxOS (and now desktop FF)

GNU General Public License v3.0

37 stars 13 forks source link

Remember port number and potentially host password #85

Closed errietta closed 9 years ago

errietta commented 9 years ago

The port number for the server settings should be remembered, and perhaps we can have a checkbox to remember the host password. @nickdesaulniers any way to do that securely?

nickdesaulniers commented 9 years ago

As long as we guard against XSS attacks, I'm not sure storing it in plaintext matters. You could store the password encrypted, and decrypt it, but if the app is vulnerable to XSS, then an attacker could just call the decrypt function. That makes me think about our current support for links. I should triple check one can't abuse that for XSS.

errietta commented 9 years ago

R? @nickdesaulniers