[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
- From: "Mike Fratto" <mfratto@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] username & pw in clear-text through SSL considered safe?
- Date: Mon, 16 Jun 2008 17:03:46 -0400
Bil, is that true when digest mode is used as well?
> Internet Explorer and Firefox send the HTTP Auth header on every request
> (after logging in). It's optional to do so (per the RFC) and presumably
> they do it to reduce network traffic and quicker page load. Not sending it
> means having the site prompt for it, then sending the request again, which
> comes out to two hits per page.
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
Brought to you by http://www.webappsec.org
Search this site
|