
RE: Microsoft to Strike IE URL Passwords

From: Paul Leach <paulle@windows.microsoft.com>
Date: Fri, 30 Jan 2004 14:32:09 -0500 (EST)
Message-ID: <91D7F2CEE3425A4A9D11311D09FCE24606F60C18@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
To: "Dave Kristol" <dmk@acm.org>, "HTTP Working Group" <ietf-http-wg@w3.org>

You read it incorrectly. We're changing IE so that passwords embedded in
HTTP URLs won't be allowed. This puts us in compliance with 2616 and 1738
(and successor).

> -----Original Message-----
> From: ietf-http-wg-request@w3.org 
> [mailto:ietf-http-wg-request@w3.org] On Behalf Of Dave Kristol
> Sent: Thursday, January 29, 2004 11:38 AM
> To: HTTP Working Group
> Subject: Microsoft to Strike IE URL Passwords
>
> <http://www.internetnews.com/dev-news/article.php/3305741>
> 
> If I understand this article correctly, it sounds like MS IE 
> will remove support for Basic Authentication.  While we all 
> agree that cleartext passwords are evil, this sounds to me 
> like it will create a major compatibility problem at sites 
> that use Basic.  And note that it covers Basic over SSL, too, 
> where the passwords would *not* be cleartext.
> 
> Dave Kristol
> 
> 

Received on Saturday, 31 January 2004 09:31:23 GMT
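
The distinction drawn in this thread, between a password embedded in an HTTP URL and Basic authentication carried in a request header, is shown in the following added example (not code from the thread or from Microsoft). The function names and sample URLs are hypothetical, and treating `https` the same as `http` is an assumption.

```python
import base64
from urllib.parse import urlsplit, urlunsplit

def url_credentials(url):
    """Return (user, password) embedded in an HTTP(S) URL, or None if absent."""
    parts = urlsplit(url)
    # RFC 1738 permits user:password in schemes such as ftp, but not in http.
    if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
        return None
    return parts.username, parts.password

def strip_url_credentials(url):
    """Rebuild the URL without userinfo, the only form RFC 2616 defines for http."""
    parts = urlsplit(url)
    hostport = parts.netloc.rpartition("@")[2]
    return urlunsplit((parts.scheme, hostport, parts.path, parts.query, parts.fragment))

def basic_authorization(user, password):
    """Authorization header value for Basic: credentials travel in a header."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token

def rejected(urls):
    """Return the URLs a client that disallows URL-embedded passwords would refuse."""
    return [u for u in urls if url_credentials(u) is not None]

# Constructed sample URLs (assumptions, not taken from the thread).
SAMPLES = [
    "http://user:secret@www.example.com/private/",  # password in the URL
    "https://user@www.example.com/private/",        # user name only, still userinfo
    "http://www.example.com/private/",              # plain URL, server may send 401
    "https://www.example.com/a@b",                  # '@' in the path is not userinfo
    "ftp://user:secret@ftp.example.com/pub/",       # not an HTTP URL
]

if __name__ == "__main__":
    for url in rejected(SAMPLES):
        print("refuse:", url, "->", strip_url_credentials(url))
    # Basic authentication itself is unaffected: after a 401 challenge the
    # client prompts for credentials and sends them in this header.
    print("Authorization:", basic_authorization("user", "secret"))
```
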
