-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
respect spanish domains .com.es #1
Comments
There is quite a lot more of domains which should be added, according to the public suffix list initiated by Mozilla. Not sure all of the should be added but the existing list in domain extractor only covers a fraction of what's out there. I have created a Gist based on the suffix list for easier parsing, separated into ICANN and private suffixes, maybe this can be used. |
I think it is a good idea to use the public suffix list, but this would break backward compatibility. Currently, a.github.io and b.github.io will use the same password. Using the public suffix list will solve that, but this would mean that users can no longer log in on both websites. Any ideas on how to handle this? |
yeah backwards compatibility is tricky here, also such a long domain list could slow down pwdhash. so i would focus on domains relating to countries and cities, and common used ones to reduce the domain list. then users should be notified after the new list is implemented, so they know where to change their passwords (with link to pwdhash.com for old domain list password generation) |
One improvement to performance may be to lazy-load most scripts. Only load a small script on every page, and then only load the rest (MD5 algorithm, suffix list) when the user has pressed F2 or entered "@@". One advantage of using the public suffix list is that the administration and updating of domain suffixes is out of your hands. You can simply copy their list to pwdhash once in a while.
I guess you could show a popup or a notice when the domain is different between the two suffix lists. But it would be hard to get the user interaction right without being annoying. |
check if spanish domains like a.com.es, b.com.es should be treated like .co.uk ...
reported by: https://addons.mozilla.org/de/firefox/addon/pwdhash/reviews/791903/
The text was updated successfully, but these errors were encountered: