Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: Re: Remembering Passwords in IE
From: Mikael Olsson (mikael.olssonENTERNET.SE)
Date: Sat Apr 01 2000 - 15:34:37 CST
- Next message: Bluefish: "Re: Remembering Passwords in IE"
- Previous message: Jeferson: "Re: Exposures in MQ and CORBA"
- Next in thread: Bluefish: "Re: Remembering Passwords in IE"
- Reply: Bluefish: "Re: Remembering Passwords in IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> I think the authors of the HTTP RFC assumed stupid
> coders on the client side and intentionally left the safekeeping of
> passwords upon the server software (httpd). Which probably is the best,
> the other way around is *quite* harder to implement.
*ahem* You're completely forgetting about sniffing passwords
off the wire and DNS poisoning. This should be fixed in the
browser, and the correct fix is to nuke all password caching.
If there's a feature that makes life easier for Joe User, he
will use it, with no concern for security simply because he
didn't know there was a concern in the first place.
-- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-66 77 636 WWW: http://www.enternet.se E-mail: mikael.olssonenternet.se