From: Ted Dennison <dennison@telepath.com>
Subject: Re: ANNOUNCE- AWS - Ada Web Server (v0.3)
Date: 2000/01/19
Date: 2000-01-19T00:00:00+00:00 [thread overview]
Message-ID: <864hib$50v$1@nnrp1.deja.com> (raw)
In-Reply-To: 862qre$ql1$1@wanadoo.fr
In article <862qre$ql1$1@wanadoo.fr>,
"Pascal Obry" <p.obry@wanadoo.fr> wrote:
> BTW, I've been really surprised to found out that the Web "Basic"
> authentification is not at all secure. This is just a base64 encoded
> "user:pws" string! Use a base64 decoder (10 lines of Ada see AWS
> sources) and you get both the user name and the password :)
I found this little ditty in the Apache FAQ:
Web authentication passwords (at least for Basic authentication)
generally fly across the wire, and through intermediate proxy systems,
in what amounts to plaintext. "O'er the net we go/Caching all the way;/O
what fun it is to surf/Giving my password away!"
I think I've seen a longer version somewhere.
--
T.E.D.
http://www.telepath.com/~dennison/Ted/TED.html
Sent via Deja.com http://www.deja.com/
Before you buy.
next prev parent reply other threads:[~2000-01-19 0:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-01-18 0:00 ANNOUNCE- AWS - Ada Web Server (v0.3) Pascal Obry
2000-01-19 0:00 ` Ted Dennison [this message]
2000-01-20 0:00 ` Tucker Taft
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox