undefined | Better HN

0 pointsjsfitzsimmons8y ago0 comments

Your second point is a great point, and I believe that there should be a user prompt every time something tries to read from the password database over any API.

With that said, what's the threat model for the first point? Is localhost interception a serious risk?

0 comments

Quiark8y ago

As far as I know, localhost can't be intercepted. Except for unintentional mistakes such as binding to 0.0.0.0 instead of 127.0.0.1. And inevitably there are going to be some tinkerers who'll run it over the network because it suits them.

j / k navigate · click thread line to collapse

0 pointsjsfitzsimmons8y ago0 comments

Your second point is a great point, and I believe that there should be a user prompt every time something tries to read from the password database over any API.

With that said, what's the threat model for the first point? Is localhost interception a serious risk?

0 comments

Quiark8y ago

j / k navigate · click thread line to collapse