Not sure, but as you must know, cleartext passwords are easily sniffable. As long as the web site is not serving up private or critical information, I suppose there's no harm, but if it is, then you should consider using https and having a form that gets the credentials.
Bob On Aug 29, 2011, at 3:40 PM, Matthias Rebbe wrote: > Hi, > > is revServer able to read/get the username of an http authentication, if > username and password are included in the url. > > for example > > http://JohnDoe:abcd...@web.com is the url the customer uses to connect to > the server. Is it possible for revServer to get the username JohnDoe? > > Or are username and password removed by apache completely before passing the > url to revServer? > > Regards, > > Matthias > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
