[Webkit-unassigned] [Bug 51599] The web process uses its own credential storage
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Dec 24 15:05:50 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=51599
--- Comment #7 from mitz at webkit.org 2010-12-24 15:05:50 PST ---
(In reply to comment #6)
> This change looks surprising for several reasons.
> - Why do we even want this?
For security and correctness. The credentials belongs to the client, not to WebKit.
> There is no explanation in Bugzilla, and the one I see in Radar isn't fully convincing.
> - IPC doesn't come free - at least chromium tries hard to limit the number of messages.
> - Doesn't this break default credentials (see ResourceHandle::createNSURLConnection()) - sometimes credentials must be sent preemptively, without waiting for a challenge)?
How can there be a default credential for a protection space if there was never a challenge for that protection space?
> Please CC Brady and myself when making changes to HTTP authentication.
OK.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list