[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200402031553.i13Fra67010280@mtaw6.prodigy.net>
Date: Tue, 3 Feb 2004 07:54:22 -0800
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: "'McAllister, Andrew'" <McAllisterA@...ystem.edu>,
<bugtraq@...urityfocus.com>
Subject: RE: MS to stop allowing passwords in URLs
>>> Anyone have any comments regarding legitimate
>>> uses of this syntax and Microsoft removing it
>>> from their browser? (and presumably the OS since
>>> the browser IS the OS).
It always was a bad idea to put plaintext passwords in URLs because it
encouraged users to give away passwords in links on public Web pages. The
spoofing games were the second big problem with them that showed up later.
Glad to see Microsoft getting rid of the feature.
Richard
Powered by blists - more mailing lists