On Mon 02 Nov 2015 at 14:17:39 +0100, Vincent Lefevre wrote: > On 2015-11-02 13:03:14 +0000, Brian wrote: > > The reason you advance is probably the one which bank's IT section would > > give if you asked them. Quite how a user's browser can compromise the > > security of the site itself is unlikely to be explained. > > The user's browser cannot compromise the site itself. But a security > bug may permit an attacker to get the user's login and password, and > neither the bank nor the user would like this.
Would this obtaining of the password be before or after encryption takes place? > > The OP could look at > > > > https://wiki.debian.org/Iceweasel#User-Agent_string > > Note that if the user tries to overrides the bank security decision > and has his bank account compromised, he will probably get the full > responsibility. I would definitely not recommend to do this. I'd maintain the bank's decision on which user-agent to accept has little or nothing to do with security.
