Re: Disable basic authentication
From: Emanuel Schmid (listabb@sked.ch)
Date: 09/30/02
- Next message: Richard Khuzami: "Securoty Patch Outlook 2000 SR1"
- Previous message: brad: "computer passwords"
- In reply to: Jamie McDaniel: "Re: Disable basic authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Emanuel Schmid" <listabb@sked.ch> Date: Mon, 30 Sep 2002 09:48:29 +0200
I did on the server side, the server asks the browser to send the password
using digest (safe).
But imagine the following:
An attacker gain access to a point in the network between me and the web
server. The attacker intercepts my request to the web server, and modify
the answer to my browser, asking for basic (clear text passowrd sent)
instead of digest.
On my side, I enter my password, thinking that as usual, it won't be sent in
the clear, where as in fact it is! So I would like to disable basic on the
client side, so that even if someone in the middle of the communication line
tamper the datas (or a misconfiguration) IE won't, whatever happens, send
the passwords unprotected...
Emanuel
"Jamie McDaniel" <nospam@nospam.com> wrote in message
news:OzpEtKYZCHA.2452@tkmsftngp11...
> It sounds like you already did, uncheck it.
>
> Jamie
>
>
- Next message: Richard Khuzami: "Securoty Patch Outlook 2000 SR1"
- Previous message: brad: "computer passwords"
- In reply to: Jamie McDaniel: "Re: Disable basic authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
