[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]

coderman wrote:
> On Thu, Feb 19, 2009 at 4:17 AM, Erilenz <erilenz@xxxxxxxxx> wrote:
>> ...
>> I wonder if something could/should be built into TorButton to force a list of
>> commonly used services to go entirely over https? Eg any request for
>> ^http://mail\.google\.com/.*$
> a plugin to enforce secure cookies and https only operation for some
> domains would be useful.  i don't know of any that do this kind of
> thing yet...

Noscript has some options (Options, Advanced, HTTPS) that may help.
Disclaimer: I've not used these options and I don't know if it's secure.