Noscript
nuff said
15 publicly visible posts • joined 18 May 2007
But in the example given wont they always be behind a NAT device of some sort? With access to the same one as you?
Sure someone upstream (at your ISP) could be doing it... but the contents of email tends to only be of value to people that directly know you and hence will be in your vicinity. (Obviously not always).
Your example is just adding in more obscurity to try and achieve secturity... thats not good practise.
But in the example given wont they always be behind a NAT device of some sort? With access to the same one as you?
Sure someone upstream (at your ISP) could be doing it... but the contents of email tends to only be of value to people that directly know you and hence will be in your vicinity. (Obviously not always).
Your example is just adding in more obscurity to try and achieve secturity... thats not good practise.
Is the problem that gmail is dropping the https connection after you login... so once you've signed in your cookies are sent in plain text?
Well if you go to https://mail.google.com/mail/ (note the https), then it keeps your session encrypted the whole time your logged in... so your cookies should be safe?
I do this at work currently anyway to stop the boss from getting my mail in plain text going through the proxy. I know mail is later sent in plain text across the internet but I dont care to much about people upstream reading my email, just people that know me.
I got into the beta yesterday... so I excitedly logged in only to find that it wasnt working!
I was getting an "unexpected error" and told to try again later.
Humph
Also I found that, ontop of it requiring Windows to run, it requires you to view the page in IE :(
Its just like them bringing out a new channel you can only watch with a Sony freeview box