William Ballard wrote:
How is this different from Apache's basic authentication, which I believe also passes user/pass information as plain text?Just learned IIS Basic authentication transmits a users user name and password in Base64 over the internet.
MS recommends you use SSL with it.
But, even if you do that, can't you use an ISAPI to silently phish somebody's password? Or even if the dialog comes up, Granma and Granpa will hit okay.
Hm. Sorry, I know it's very OT, but I don't want to subscribe to a security list just to make this one observation.
Any thoughts?
You should use SSL with Apache too.
Regards, Upayavira
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
