Comments on: PayPal is Safer with NoScript

By: uberVU - social comments

uberVU - social comments — Sun, 22 Nov 2009 20:54:15 +0000

Social comments and analytics for this post

This post was mentioned on Twitter by planetmozilla: Giorgio Maone: PayPal is Safer with NoScript: Strict Transport Security (STS) has gone live on PayPal yesterday.. http://bit.ly/3YqKe2

By: PayPal is Safer with NoScript [ hackademix.net ]

PayPal is Safer with NoScript [ hackademix.net ] — Sat, 07 Nov 2009 23:46:26 +0000

[…] PayPal is Safer with NoScript Found 2 hours, 14 minutes ago Strict Transport Security STS has gone live on PayPal yesterday STS is a simple yet effective system for web sites requiring high safety levels eg payment gateways or financial institutions to force HTTPS connections on every request originated by supporting browsers It is currently supported by NoScript Chrome 4 beta and Sid Stamm8217s Force TLS Together with NoScript8217s From: hackademix.net […]

By: Giorgio

Giorgio — Sat, 07 Nov 2009 22:33:55 +0000

@Alan Baxter:
No, using the NoScript Options|Advanced|HTTPS stuff doesn’t hurt anything on STS-enabled sites.

Actually, the “normal” (user-driven) HTTPS-enforcing NoScript features can be used to customize STS: for instance, the “never force HTTPS” list does affect STS, allowing you to state user-driven exceptions to the server-driven enforcement.

By: GµårÐïåñ

GµårÐïåñ — Sat, 07 Nov 2009 20:35:33 +0000

Well despite the fact that PayPal totally sucks and I hate having to deal with them at all, it is good news that at least with NoScript they are safer to use. I would still be interested to know about what Alan asked, is it a replacement (or redundant) to using Force HTTPS or can they be used in conjunction? If so, will they cause any issues?

By: Alan Baxter

Alan Baxter — Sat, 07 Nov 2009 17:38:02 +0000

Does it hurt anything if I to continue to force *.paypal.com using the NoScript Force HTTPS facility while never forcing email*.paypal.com?