nanog mailing list archives
RE: Latest IE patch breaking non username:password@encoded websites?
From: "David Schwartz" <davids () webmaster com>
Date: Tue, 3 Feb 2004 10:21:13 -0800
Yes they broke basic auth in a URL. I am uncertain as to why it was necessary to remove this functionality. Bryan
Apparently, there were ways to use this to make one URL look like the URL
of another site. According to Microsoft, it isn't just
'www.microsoft.com@63.49.11.12/foo', but there were other problems involving
being able to completely fool even technically savvy people (that is,
nothing on the screen would reveal the real source of the web page you were
looking at and every visible indicator was spoofable).
DS
Current thread:
- Latest IE patch breaking non username:password@encoded websites? Herman Harless (Feb 03)
- RE: Latest IE patch breaking non username:password@encoded websites? Bob German (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Bryan Heitman (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Jeff Workman (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Scott Call (Feb 03)
- RE: Latest IE patch breaking non username:password@encoded websites? David Schwartz (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Jeff Workman (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Suresh Ramasubramanian (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Alexei Roudnev (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Duane Wessels (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Alexei Roudnev (Feb 03)