James Carman wrote:
The browser's saved passwords support doesn't transmit your password over
HTTP along with the rest of the markup, though. It just remembers it and
auto-populates it for you once it receives the HTML from the site. So, it's
as unsafe as your computer is (hopefully you use a password on your
computer). :)
I guess I have a hard time seeing the security differences between
retrieving a cookie vs. submitting credentials in a POST - both are
insecure from man-in-the-middle attacks if not using SSL!? Anyway back
to my original issue, as Timo points out, HTML just works that way. I
guess what I see on java.net is browser functionality rather than
application/cookie functionality.
/Casper
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
