W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2004

Re: Microsoft to Strike IE URL Passwords

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 30 Jan 2004 11:30:54 +0100
Message-ID: <401A325E.7080009@gmx.de>
Cc: HTTP Working Group <ietf-http-wg@w3.org>

Dave Kristol wrote:
> If I understand this article correctly, it sounds like MS IE will remove 
> support for Basic Authentication.  While we all agree that cleartext 
> passwords are evil, this sounds to me like it will create a major 
> compatibility problem at sites that use Basic.  And note that it covers 
> Basic over SSL, too, where the passwords would *not* be cleartext.

Looking at 
<http://support.microsoft.com/default.aspx?scid=kb;[LN];834489>, it 
seems that they do not discontinue Basic Auth, they just disallow 
embedding credentials in URLs. That's something different.

Julian


-- 
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
Received on Friday, 30 January 2004 05:32:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:27 GMT