Bugtraq mailing list archives

RE: MS to stop allowing passwords in URLs

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 3 Feb 2004 07:54:22 -0800

   >>> Anyone have any comments regarding legitimate 
   >>> uses of this syntax and Microsoft removing it 
   >>> from their browser? (and presumably the OS since
   >>> the browser IS the OS).

It always was a bad idea to put plaintext passwords in URLs because it
encouraged users to give away passwords in links on public Web pages.  The
spoofing games were the second big problem with them that showed up later.
Glad to see Microsoft getting rid of the feature.

Richard

Current thread:

Re: MS to stop allowing passwords in URLs, (continued)
- - Re: MS to stop allowing passwords in URLs Östlund (Feb 04)
  - Re: MS to stop allowing passwords in URLs Nick FitzGerald (Feb 06)
  - Message not available
    - Re: MS to stop allowing passwords in URLs Vinny Abello (Feb 03)
- Re: MS to stop allowing passwords in URLs Ansgar -59cobalt- Wiechers (Feb 03)
- RE: MS to stop allowing passwords in URLs Andrew Harwood (Feb 03)
- Re: MS to stop allowing passwords in URLs 3APA3A (Feb 03)
- Re: MS to stop allowing passwords in URLs Dave McCormick (Feb 03)
- Re: MS to stop allowing passwords in URLs Nick FitzGerald (Feb 03)
- Re: MS to stop allowing passwords in URLs Sam Schinke (Feb 03)
- Message not available
  - Re: MS to stop allowing passwords in URLs Paul Smith (Feb 03)
- RE: MS to stop allowing passwords in URLs Richard M. Smith (Feb 03)
- RE: MS to stop allowing passwords in URLs Francis Favorini (Feb 03)
- RE: MS to stop allowing passwords in URLs Thor Larholm (Feb 03)
  - Re: MS to stop allowing passwords in URLs Sam Schinke (Feb 05)
- RE: MS to stop allowing passwords in URLs NESTING, DAVID M (SBCSI) (Feb 05)