On 2021-08-17, Barry <ba...@barrys-emacs.org> wrote: >> That's usually irrelevant, since the alternative is most likely to be >> form fill-out, which is exactly as secure. If you're serving over >> HTTPS, the page is encrypted, and that includes the headers; if you're >> not, then it's not encrypted, and that includes the form body. > > There is digest and Ntlm that do not reveal the password.
That's only true if you're not using HTTPS - and you should *never* not be using HTTPS, and that goes double if forms are being filled in and double again if passwords are being supplied. -- https://mail.python.org/mailman/listinfo/python-list