respect Spanish domains .com.es #1

Open
ghost opened this issue May 30, 2017 · 4 comments

ghost commented May 30, 2017

Check if Spanish domains like a.com.es, b.com.es should be treated like .co.uk ...

reported by: https://addons.mozilla.org/de/firefox/addon/pwdhash/reviews/791903/

ghost added the bug label May 30, 2017
ghost self-assigned this May 30, 2017

quassy commented Jul 8, 2017

There are quite a lot more domains which should be added, according to the public suffix list initiated by Mozilla. Not sure all of them should be added but the existing list in domain extractor only covers a fraction of what's out there.

I have created a Gist based on the suffix list for easier parsing, separated into ICANN and private suffixes, maybe this can be used.

Sjord commented Jul 18, 2017

I think it is a good idea to use the public suffix list, but this would break backward compatibility. Currently, a.github.io and b.github.io will use the same password. Using the public suffix list will solve that, but this would mean that users can no longer log in on both websites. Any ideas on how to handle this?

ghost commented Jul 21, 2017

yeah backwards compatibility is tricky here, also such a long domain list could slow down pwdhash.

so i would focus on domains relating to countries and cities, and commonly used ones to reduce the domain list. then users should be notified after the new list is implemented, so they know where to change their passwords (with link to pwdhash.com for old domain list password generation)

Sjord commented Jul 23, 2017

> such a long domain list could slow down pwdhash

One improvement to performance may be to lazy-load most scripts. Only load a small script on every page, and then only load the rest (MD5 algorithm, suffix list) when the user has pressed F2 or entered "@@".

One advantage of using the public suffix list is that the administration and updating of domain suffixes is out of your hands. You can simply copy their list to pwdhash once in a while.

> then users should be notified

I guess you could show a popup or a notice when the domain is different between the two suffix lists. But it would be hard to get the user interaction right without being annoying.
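
An added example, not part of the thread and not pwdhash's own code, of the comparison discussed above: it derives the hashing domain for a host under a short legacy list and under Public Suffix List matching rules (plain, wildcard and exception rules), then reports the hosts where the two differ. `LEGACY_RULES`, the rule excerpt and the sample hosts are constructed for illustration.

```javascript
// Constructed excerpt of Public Suffix List rules (not the full list).
const PSL_RULES = ['com', 'es', 'com.es', 'uk', 'co.uk', 'io', 'github.io',
                   '*.ck', '!www.ck'];
// Hypothetical stand-in for a short hand-maintained suffix list.
const LEGACY_RULES = ['co.uk'];

// Registrable domain (public suffix plus one label) of `host` under `rules`,
// or null when the host is itself a public suffix.
function registrableDomain(host, rules) {
  const set = new Set(rules);
  const labels = host.toLowerCase().replace(/\.$/, '').split('.');
  let suffixLen = 1; // default rule "*": the last label is a suffix
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join('.');
    const wildcard = ['*', ...labels.slice(i + 1)].join('.');
    if (set.has('!' + candidate)) {
      // Exception rules win: the suffix is the rule minus its first label.
      suffixLen = labels.length - i - 1;
      break;
    }
    if (set.has(candidate) || set.has(wildcard)) {
      suffixLen = Math.max(suffixLen, labels.length - i);
    }
  }
  if (labels.length <= suffixLen) return null;
  return labels.slice(-(suffixLen + 1)).join('.');
}

// Hosts whose hashing domain differs between the two lists: the sites where
// a generated password would change after switching lists.
function changedHosts(hosts) {
  return hosts
    .map((host) => ({
      host,
      before: registrableDomain(host, LEGACY_RULES),
      after: registrableDomain(host, PSL_RULES),
    }))
    .filter((r) => r.before !== r.after);
}

// Constructed sample hosts.
const SAMPLE = ['a.com.es', 'b.com.es', 'a.github.io', 'www.example.co.uk',
                'login.example.com', 'www.ck'];
console.log(changedHosts(SAMPLE));
```

Hosts that share a `before` value share one generated password, which is the a.github.io / b.github.io case raised earlier in the thread.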
