[4552] in WWW Security List Archive
Re: Basic Authentication
daemon@ATHENA.MIT.EDU (laweb)
Fri Feb 21 05:29:11 1997
Date: Fri, 21 Feb 1997 00:11:14 -0800
To: www-security@ns2.rutgers.edu
From: laweb@gyw.com (laweb)
Errors-To: owner-www-security@ns2.rutgers.edu
>Here's something very on topic for www-security. According to the HTTP/1.0
>specification (http://www.ics.uci.edu/pub/ietf/http/rfc1945.html#AA) the
>username and password used in Basic Authentication are sent as clear
>text. Does this not allow for the possibility of the information being
>snooped? Also, are there any authentication schemes in use other than
>Basic?
>
>It's one thing to have someone circumvent your security to download free
>nudies. To have them rooting through your confidential and proprietary
>corporate information is another thing altogether.
>
>--
> Aaron Abelard / aarona@iquest.net
> IQuest Internet / www.iquest.net
> Indianapolis, IN / 317.259.5050.301
Aaron,
If you have your basic authentication sessions through a secure server,
usernames and passwords (which are transmitted in cleartext) will be safe
from snooping. Or at least as safe as current web encryption allows.
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
H O S T I N G S P A C E A V A I L A B L E
- hosted on a direct 10 Mbit ethernet connection to the internet's
backbone in our Marina del Rey, CA, office (connection through LAP,
the Los Angeles Access Point).
- You get 100% access with Timbuktu (Mac) or telnet (UNIX/Linux).
- Our machine or yours.
Availability limited. First come first served. Please email us at
laweb@gyw.com with the subject "MDR hosting."
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Troy Korjuslommi
Technical Director/Webmaster
ALLIANCE STUDIO [WEST]
ph. (310) 458-0884
fx. (310) 395-5741
e. laweb@gyw.com
w3. http://gyw.com/alliance/
************* recommendations to the fortune standard I ******************
You shall know the Linux and the Linux shall set you free.
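
The point discussed in this thread, as an added example that is not part of the original messages: under RFC 1945 the Basic credential is only the Base64 encoding of `userid:password`, so it decodes without any key, and what protects it is the transport. The function names, the `over_tls` flag (assumed to be supplied by whatever received the request) and the sample request are constructed for illustration.

```python
import base64
import binascii


def decode_basic(header_value):
    """Return (userid, password) from an Authorization header value, or None."""
    scheme, _, cookie = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not cookie.strip():
        return None
    try:
        # Base64 is an encoding, not encryption: no secret is needed here.
        decoded = base64.b64decode(cookie.strip(), validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None
    # Split on the first ':' only; the password itself may contain colons.
    userid, sep, password = decoded.partition(":")
    return (userid, password) if sep else None


def audit_request(raw, over_tls):
    """Classify a raw HTTP request by whether Basic credentials were exposed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            creds = decode_basic(value)
            if creds is None:
                return "no-basic-credentials"
            # Report only the userid so the audit output holds no password.
            if over_tls:
                return "protected-by-transport:" + creds[0]
            return "exposed-in-cleartext:" + creds[0]
    return "no-basic-credentials"


# Constructed sample data (hypothetical user and password).
SAMPLE_VALUE = "Basic " + base64.b64encode(b"webuser:pass:word").decode("ascii")
SAMPLE_REQUEST = (
    b"GET /private/ HTTP/1.0\r\n"
    b"Authorization: " + SAMPLE_VALUE.encode("ascii") + b"\r\n\r\n"
)

if __name__ == "__main__":
    print(audit_request(SAMPLE_REQUEST, over_tls=False))
    print(audit_request(SAMPLE_REQUEST, over_tls=True))
```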