This will not work on a box that is properly patched. IE patch KB832894 disabled this. It is also included in the IE 6 service packs 1 and above I believe.
This was a URL spoofing security issue that Microsoft addressed. Here are some articles that explain more.
http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
There are alternative methods of doing this. You should find some on Microsoft’s website.
Thanks,
David
-----Original message-----
From: "Mark W. Breneman" [EMAIL PROTECTED]
Date: Tue, 3 Aug 2004 13:08:21 -0400
To: CF-Talk [EMAIL PROTECTED]
Subject: username/password via URL over SSL secure?
> Can anyone confirm that sending a username / password in the form of
> <https://bob:[EMAIL PROTECTED]/> https://bob:[EMAIL PROTECTED] is secure
> and not passed via plain text.
>
> I fired up Ethereal and it looks like the username and password are not
> passed in the clear.
>
> I am no expert with the packet capturing. Well, not yet anyway :-)
>
>
> Mark W. Breneman
> -Cold Fusion Developer
> -Network Administrator
> Vivid Media
> [EMAIL PROTECTED]
> www.vividmedia.com <http://www.vividmedia.com/>
> 608.270.9770
>
>
>
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
