WebApp Sec mailing list archives
Re: unable to access web site embeds username & password
From: Robert Hajime Lanning <robert.lanning () gmail com>
Date: Wed, 23 Jun 2004 22:15:10 -0700
On Tue, 22 Jun 2004 16:42:36 -0700 (PDT), Kevin R. Babcock <kevinb () ugcs caltech edu> wrote:
In fact, Internet Explorer and other browsers take the username and password out of the URL before making the request. They are instead placed in headers to do HTTP Basic Authentication when the request is made, and so the username and password never go over the wire in a URL. -Kevin
Well, it does not go over in the GET/POST statement, but usually in the same packet as part of the headers following the GET/POST. And it is in plain text (or BASE64 encoded). -- END OF LINE -MCP
Current thread:
- RE: unable to access web site embeds username & password, (continued)
- RE: unable to access web site embeds username & password Michael Howard (Jun 21)
- RE: unable to access web site embeds username & password Chris Thomas (Jun 21)
- RE: unable to access web site embeds username & password Noah Gray (Jun 21)
- RE: unable to access web site embeds username & password sk3tch (Jun 21)
- Re: unable to access web site embeds username & password Kevin R. Babcock (Jun 22)
- RE: unable to access web site embeds username & password Michael Silk (Jun 24)
- RE: unable to access web site embeds username & password Noah Gray (Jun 24)
- RE: unable to access web site embeds username & password Brown, James F. (Jun 24)
- RE: unable to access web site embeds username & password Kevin R. Babcock (Jun 23)
- Re: unable to access web site embeds username & password Andy bentley (Jun 24)
- Re: unable to access web site embeds username & password Robert Hajime Lanning (Jun 25)
- Open Source Security Exhibition help Pete Herzog (Jun 26)
- RE: unable to access web site embeds username & password Konstantin Ryabitsev (Jun 24)
- RE: unable to access web site embeds username & password Liam Quinn (Jun 26)
- RE: unable to access web site embeds username & password Kevin R. Babcock (Jun 23)