Re: http://Login:Password@WebsiteAdress.com
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 08/15/03
- Next message: Ken Schaefer: "Re: How to"
- Previous message: Ken Schaefer: "Re: Windows Integrated Authentication ??"
- In reply to: GI: "http://Login:Password@WebsiteAdress.com"
- Next in thread: GI: "Re: http://Login:Password@WebsiteAdress.com"
- Reply: GI: "Re: http://Login:Password@WebsiteAdress.com"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Aug 2003 13:32:36 +1000
If someone else can get access to the machine, and look at the user's
history (or just look over the user's shoulder!), then they get the
username/password in the clear.
Cheers
Ken
"GI" <Jo@ezf.com> wrote in message
news:030201c362a8$b43b9fa0$a601280a@phx.gbl...
: Hi all,
:
: I would like to know wether there might be a security
: problem while sending this kind of request :
:
: http://Login:Password@WebsiteAdress.com for a secured web
: site with IIS (Network password).
:
: As I would like to allow my users to connect
: straightfully, is there any way to be hacked and somebody
: finds this http address.
:
: Does the problem still exist if we use https with SSL ?
:
: Thanks for your help.
- Next message: Ken Schaefer: "Re: How to"
- Previous message: Ken Schaefer: "Re: Windows Integrated Authentication ??"
- In reply to: GI: "http://Login:Password@WebsiteAdress.com"
- Next in thread: GI: "Re: http://Login:Password@WebsiteAdress.com"
- Reply: GI: "Re: http://Login:Password@WebsiteAdress.com"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
