Paul Cohen wrote:
> 1. Client -> Server: HTTP GET "http://foo:[EMAIL PROTECTED]/new-
>
> Another question is: Why is the username and password sent in the URL?

Is it? Not what I see when I run a packet sniffer. If the UN/PW is being sent in the GET message I'd expect the server to return a 404 -- they don't know what to do with it either.

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security