Re: [Very OT] IIS Basic Authentication can be used for phishing

2004-11-10 Thread William Ballard
On Wed, Nov 10, 2004 at 08:27:41PM +0800, Robert Vangel wrote:
> That may be so, but isn't it the fact that IE gives the credentials of
> the currently logged on user straight away, not defaulting to asking for
> a username and pass first.

Right. I asked the question wrongly at first. It's IE,

Re: [Very OT] IIS Basic Authentication can be used for phishing

2004-11-10 Thread Robert Vangel
David Dorward wrote:
On Wed, 10 Nov 2004 07:13:56 +, Upayavira <[EMAIL PROTECTED]> wrote:
Just learned IIS Basic authentication
How is this different from Apache's basic authentication
It isn't - Basic Authentication is part of the HTTP standard. To quote: "The basic authentication scheme i

Re: [Very OT] IIS Basic Authentication can be used for phishing

2004-11-10 Thread David Dorward
On Wed, 10 Nov 2004 07:13:56 +, Upayavira <[EMAIL PROTECTED]> wrote:
> >Just learned IIS Basic authentication
> How is this different from Apache's basic authentication

It isn't - Basic Authentication is part of the HTTP standard. To quote: "The basic authentication scheme is a non-secure me

Re: [Very OT] IIS Basic Authentication can be used for phishing

2004-11-09 Thread William Ballard
On Wed, Nov 10, 2004 at 07:13:56AM +, Upayavira wrote:
> How is this different from Apache's basic authentication, which I
> believe also passes user/pass information as plain text?
>
> You should use SSL with Apache too.

Yeah, isn't the Security hole actually in IE, which gives up your

Re: [Very OT] IIS Basic Authentication can be used for phishing

2004-11-09 Thread Upayavira
William Ballard wrote:
Just learned IIS Basic authentication transmits a user's user name and password in Base64 over the internet. MS recommends you use SSL with it. But, even if you do that, can't you use an ISAPI to silently phish somebody's password? Or even if the dialog comes up, Granma and G

[Very OT] IIS Basic Authentication can be used for phishing

2004-11-09 Thread William Ballard
Just learned IIS Basic authentication transmits a user's user name and password in Base64 over the internet. MS recommends you use SSL with it. But, even if you do that, can't you use an ISAPI to silently phish somebody's password? Or even if the dialog comes up, Granma and Granpa will hit okay.