WebApp Sec mailing list archives

Re: unable to access web site embeds username & password


From: Robert Hajime Lanning <robert.lanning () gmail com>
Date: Wed, 23 Jun 2004 22:15:10 -0700

On Tue, 22 Jun 2004 16:42:36 -0700 (PDT), Kevin R. Babcock
<kevinb () ugcs caltech edu> wrote:
In fact, Internet Explorer and other browsers take the username and
password out of the URL before making the request.  They are
instead placed in headers to do HTTP Basic Authentication when the request
is made, and so the username and password never go over the wire in a URL.

-Kevin


Well, it does not go over in the GET/POST statement, but usually in the
same packet as part of the headers following the GET/POST.  And it is in
plain text (or BASE64 encoded).

-- 
END OF LINE
       -MCP
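
The behaviour discussed in this thread, as an added example that is not part of the original messages: a client moves the `user:password@` part of a URL into an `Authorization: Basic` header, and anyone who can read the request can decode that header back to the credentials. The function names `build_request` and `recover_credentials`, the host `example.com` and the credentials are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, unquote

def build_request(url):
    """Return the raw HTTP/1.1 request a client would send for `url`,
    moving any user:password@ userinfo out of the URL and into an
    Authorization: Basic header."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    lines = [f"GET {target} HTTP/1.1", f"Host: {host}"]
    if parts.username is not None:
        # urlsplit leaves userinfo percent-encoded; decode before encoding.
        user = unquote(parts.username)
        password = unquote(parts.password or "")
        token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
        lines.append("Authorization: Basic " + token.decode("ascii"))
    return "\r\n".join(lines) + "\r\n\r\n"

def recover_credentials(raw_request):
    """Decode the Basic token in a raw request back to (user, password).
    Returns None if no well-formed Basic header is present."""
    for line in raw_request.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            continue
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None
        user, _, password = decoded.partition(":")
        return user, password
    return None

if __name__ == "__main__":
    # Constructed sample URL; host and credentials are placeholders.
    req = build_request("http://alice:s3cr%40t@example.com:8080/private?x=1")
    print(req)
    print(recover_credentials(req))
```

Base64 here is an encoding, not encryption, so the header is only protected when the connection itself is (for example over TLS).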

