Re: http://Login:Password@WebsiteAdress.com

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 08/15/03


Date: Fri, 15 Aug 2003 13:32:36 +1000


If someone else can get access to the machine, and look at the user's
history (or just look over the user's shoulder!), then they get the
username/password in the clear.

Cheers
Ken

"GI" <Jo@ezf.com> wrote in message
news:030201c362a8$b43b9fa0$a601280a@phx.gbl...
: Hi all,
:
: I would like to know wether there might be a security
: problem while sending this kind of request :
:
: http://Login:Password@WebsiteAdress.com for a secured web
: site with IIS (Network password).
:
: As I would like to allow my users to connect
: straightfully, is there any way to be hacked and somebody
: finds this http address.
:
: Does the problem still exist if we use https with SSL ?
:
: Thanks for your help.



Relevant Pages

  • Re: A little help with IWinHttpRequest::Send and PUT.
    ... I was trying to imply that at times state and religion fight over their backers. ... And both have shown in history that the do not follow the "intent" of their "scripts". ... if I send some data via PUT to an HTTP application and the ... flat file and then have my script read that. ...
    (microsoft.public.scripting.wsh)
  • Re: Is NFS export r/o safe from lan to dmz?
    ... ftp is a intrinsecally more complex protocol than http (see the problems ... the security history of ftp daemons is worse than the security ...
    (Debian-User)
  • Re: Is NFS export r/o safe from lan to dmz?
    ... ftp is a intrinsecally more complex protocol than http (see the problems ... the security history of ftp daemons is worse than the security ...
    (Debian-User)
  • Re: preventing external access to directory
    ... > but since Microsoft have ... > prevented the use of username/password combinations within the URL in IE, ... HTTP or HTTPS URLs ... To disable the new default behavior in Windows Explorer and Internet ...
    (comp.lang.php)
  • WCF Security - UserName
    ... I have a WCF service which I would like to secure using a username/password kombination. ... I have added the following code in the config file on the host: ... Before I create my proxy I am setting a username and a password on the ChannelFactory ... I can understand why I get it, because I am not passing a https url, but both the service and the application is running inside the firewall, so I would like to use normal http or mayby binary. ...
    (microsoft.public.dotnet.security)