On Sun, 8 Jun 2003, Cliff Woolley wrote:

> On Mon, 9 Jun 2003, André Malo wrote:
>
> > Just my opinion: I don't like it very much, since it decreases security and
> > violates the RFC very hard. The Client should be fixed, not the server.
> > ...but I won't stand in the way if there are positive votes on it.
>
> Well, part of the reason I said we should go back and look is that I
> seem to recall at least one person voicing exactly that same opinion the
> last time this came up -- and there might have been an actual veto.
> --Cliff

Does anyone know why MS hasn't fixed this?  This problem has been well
known for quite some time now.

Considering the fact that we don't want to discourage people from using
digest, even if the client implementation is buggy, I might be tempted to
accept the patch, but name the env variable something sufficiently nasty,
like MSIE_DIGEST_SECURITY_HOLE.

Joshua.
