Subject: Re: Remembering Passwords in IE
From: Mikael Olsson (mikael.olssonENTERNET.SE)
Date: Sat Apr 01 2000 - 15:34:37 CST


Bluefish wrote:
>
> I think the authors of the HTTP RFC assumed stupid
> coders on the client side and intentionally left the safekeeping of
> passwords upon the server software (httpd). Which probably is the best,
> the other way around is *quite* harder to implement.
>

*ahem* You're completely forgetting about sniffing passwords
off the wire and DNS poisoning. This should be fixed in the
browser, and the correct fix is to nuke all password caching.
If there's a feature that makes life easier for Joe User, he
will use it, with no concern for security simply because he
didn't know there was a concern in the first place.

$.02

/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olssonenternet.se