David Benjamin
I wonder if we can do a little better here. JS already provides an Error class. The context constants probably ought to be classes (er, prototypes). Also might be good...
Actually get a ccache for that matter. If a service requests a ticket multiple times, we shouldn't have to talk to the TGT all the time. (This leaks some information...
The proxy tends to get stuck when the KDC times out. We should avoid this. Maybe use Badass Rockstar Tech servers which don't spawn a blocking thread per connection. But...
We should have documentation. How to set this up. How it works. How we defend against various common web vulnerabilities and things we still could improve on.
One option for #12 is Chrome and Firefox extensions. Chrome should be pretty easy since extensions are simply HTML and JavaScript which run in their own origins and everything. Though...
Unfortunately we rely on the server to send us the correct JS code. We also rely on the CA system to work for SSL. Investigate ways to lessen this trust....
Safari blows up on `X-WebKit-CSP`. Survey other WebKit browsers (various versions of the Android browser, in particular) and determine if the Chrome `X-WebKit-CSP` whitelist can turn into a Safari blacklist.
We should look at them and decide what are the correct ones we want and whatnot.
This is vague, but we could maybe do interesting things by protecting some data by the user's password when they enter it, akin to how gnome-keyring and friends are encrypted...
To use Webathena to authenticate a user (without actually requesting privileges), the server needs to share a secret with the KDC. This requires some effort to set up. Investigate implementing an...