Re: http://Login:Password@WebsiteAdress.com

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 08/15/03


Date: Fri, 15 Aug 2003 13:32:36 +1000


If someone else can get access to the machine, and look at the user's
history (or just look over the user's shoulder!), then they get the
username/password in the clear.

Cheers
Ken

"GI" <Jo@ezf.com> wrote in message
news:030201c362a8$b43b9fa0$a601280a@phx.gbl...
: Hi all,
:
: I would like to know wether there might be a security
: problem while sending this kind of request :
:
: http://Login:Password@WebsiteAdress.com for a secured web
: site with IIS (Network password).
:
: As I would like to allow my users to connect
: straightfully, is there any way to be hacked and somebody
: finds this http address.
:
: Does the problem still exist if we use https with SSL ?
:
: Thanks for your help.