Only the form: "http(s)://username:password@server/resource.ext" is being removed; basic auth is untouched. Cheers, Michael [Writing Secure Code 2nd Edition] http://www.microsoft.com/mspress/books/5957.asp [Protect Your PC] http://www.microsoft.com/protect [Blog] http://blogs.msdn.com/michael_howard -----Original Message----- From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Dave Kristol Sent: Thursday, January 29, 2004 11:38 AM To: HTTP Working Group Subject: Microsoft to Strike IE URL Passwords <http://www.internetnews.com/dev-news/article.php/3305741> If I understand this article correctly, it sounds like MS IE will remove support for Basic Authentication. While we all agree that cleartext passwords are evil, this sounds to me like it will create a major compatibility problem at sites that use Basic. And note that it covers Basic over SSL, too, where the passwords would *not* be cleartext. Dave KristolReceived on Friday, 30 January 2004 11:55:23 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:22:11 GMT