From: Tucker Taft <stt@averstar.com>
Subject: Re: ANNOUNCE- AWS - Ada Web Server (v0.3)
Date: 2000/01/20
Date: 2000-01-20T18:43:04+00:00 [thread overview]
Message-ID: <38875738.235D4D6F@averstar.com> (raw)
In-Reply-To: 864hib$50v$1@nnrp1.deja.com
Ted Dennison wrote:
>
> In article <862qre$ql1$1@wanadoo.fr>,
> "Pascal Obry" <p.obry@wanadoo.fr> wrote:
>
> > BTW, I've been really surprised to found out that the Web "Basic"
> > authentification is not at all secure. This is just a base64 encoded
> > "user:pws" string! Use a base64 decoder (10 lines of Ada see AWS
> > sources) and you get both the user name and the password :)
>
> I found this little ditty in the Apache FAQ:
>
> Web authentication passwords (at least for Basic authentication)
> generally fly across the wire, and through intermediate proxy systems,
> in what amounts to plaintext. "O'er the net we go/Caching all the way;/O
> what fun it is to surf/Giving my password away!"
>
> I think I've seen a longer version somewhere.
This is why before you type your password, you should check that
the page asking for it is using SSL (i.e. "https://...). SSL hides
your password until it reaches the destination.
>
> --
> T.E.D.
>
> http://www.telepath.com/~dennison/Ted/TED.html
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
--
-Tucker Taft stt@averstar.com http://www.averstar.com/~stt/
Technical Director, Distributed IT Solutions (www.averstar.com/tools)
AverStar (formerly Intermetrics, Inc.) Burlington, MA USA
prev parent reply other threads:[~2000-01-20 0:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-01-18 0:00 ANNOUNCE- AWS - Ada Web Server (v0.3) Pascal Obry
2000-01-19 0:00 ` Ted Dennison
2000-01-20 0:00 ` Tucker Taft [this message]
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox