Vulnerability Development mailing list archives
Re: Remembering Passwords in IE
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sat, 1 Apr 2000 23:34:37 +0200
Bluefish wrote:
> I think the authors of the HTTP RFC assumed stupid coders on the client side and intentionally left the safekeeping of passwords upon the server software (httpd). Which probably is the best, the other way around is *quite* harder to implement.

*ahem* You're completely forgetting about sniffing passwords off the wire and DNS poisoning.

This should be fixed in the browser, and the correct fix is to nuke all password caching. If there's a feature that makes life easier for Joe User, he will use it, with no concern for security simply because he didn't know there was a concern in the first place.

$.02
/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se