WebKit [LSARC/2008/782 FastTrack timeout 26/12/2008]
Hugh McIntyre
lists at mcintyreweb.com
Tue Jan 13 01:14:59 PST 2009
Alfred Peng wrote:
> On 01/07/09 01:21, Hugh McIntyre wrote:
>> Sounds OK, since the out-of-the-box default won't load HTTPS in an
>> unsafe way. Presumably any documentation on "WEBKIT_IGNORE_SSL_ERRORS"
>> will point out that this defeats the security of HTTPS?
>>
> There isn't document for this right now. Maybe man page is a good place
> to add this?
I guess I don't care strongly about this, so the ARC may want to provide
a preference. Either:
- Provide a safe default (no loading of unsafe HTTPS pages) and don't
document this variable anywhere.
- or document only to the extent of saying "WEBKIT_IGNORE_SSL_ERRORS
exists as an option but breaks security and generally should not be
used". Or something along these lines.
Hugh.
More information about the opensolaris-arc
mailing list