From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_00,INVALID_MSGID,
	MSGID_RANDY autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 107e1d,24d0bc347a68ce10
X-Google-Attributes: gid107e1d,public
X-Google-Thread: 103376,24d0bc347a68ce10
X-Google-Attributes: gid103376,public
From: Ted Dennison <dennison@telepath.com>
Subject: Re: ANNOUNCE- AWS - Ada Web Server (v0.3)
Date: 2000/01/19
Message-ID: <864hib$50v$1@nnrp1.deja.com>#1/1
X-Deja-AN: 574679404
References: <862qre$ql1$1@wanadoo.fr>
X-Http-Proxy: 1.0 x23.deja.com:80 (Squid/1.1.22) for client 204.48.27.130
Organization: Deja.com - Before you buy.
X-Article-Creation-Date: Wed Jan 19 14:26:37 2000 GMT
X-MyDeja-Info: XMYDJUIDtedennison
Newsgroups: comp.lang.ada,fr.comp.lang.ada
X-Http-User-Agent: Mozilla/4.6 [en] (WinNT; I)
Date: 2000-01-19T00:00:00+00:00
List-Id: <comp.lang.ada>

In article <862qre$ql1$1@wanadoo.fr>,
  "Pascal Obry" <p.obry@wanadoo.fr> wrote:

> BTW, I've been really surprised to found out that the Web "Basic"
> authentification is not at all secure. This is just a base64 encoded
> "user:pws" string! Use a base64 decoder (10 lines of Ada see AWS
> sources) and you get both the user name and the password :)

I found this little ditty in the Apache FAQ:

Web authentication passwords (at least for Basic authentication)
generally fly across the wire, and through intermediate proxy systems,
in what amounts to plaintext. "O'er the net we go/Caching all the way;/O
what fun it is to surf/Giving my password away!"

I think I've seen a longer version somewhere.

--
T.E.D.

http://www.telepath.com/~dennison/Ted/TED.html


Sent via Deja.com http://www.deja.com/
Before you buy.