[3484] in WWW Security List Archive
Re: CGI Security
daemon@ATHENA.MIT.EDU (David Tauzell)
Thu Nov 7 15:00:10 1996
Date: Thu, 7 Nov 1996 11:36:59 -0600 (CST)
From: David Tauzell <tauzell@math.umn.edu>
To: Chad Schieken <cschieke@advsys.com>
cc: Saeid Parivash <PARIVASH@cc1.unt.edu>, www-security@ns2.rutgers.edu
In-Reply-To: <199611061444.JAA07484@sting.advsys.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Wed, 6 Nov 1996, Chad Schieken wrote:
> Try useing the type=password HTML tag. Users can still re-submit the form, but
> you knew that since the query was being sent on the network in clear text that
> it was comprimesed anyway.
In most browsers and OS's the password field can usually be copied and
pasted to get at the actuall text.
---
David Tauzell. I like unix.
