On Wed, Nov 10, 2004 at 07:13:56AM +0000, Upayavira wrote: > > > How is this different from Apache's basic authentication, which I > believe also passes user/pass information as plain text? > > You should use SSL with Apache too.
Yeah, isn't the Security hole actually in IE, which gives up your username/password to anybody who asks for it so long as you press okay at that dialog? Firefox wouldn't do that. Seems like a pretty easy way to Phish. The problem is actually in the behavior of IE. I haven't tested it. It's too obvious a gaping hole. I must be overlooking something. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
