- From: Marc de Graauw <marc@marcdegraauw.com>
- Date: Thu, 2 Nov 2006 10:46:20 +0100
- To: <www-tag@w3.org>

Elliotte Harold:

| > 1) Passwords MUST NOT be transmitted in clear text.
|
| This restriction strikes me as a little strong, though perhaps
| advisable. I have in the past frequently used HTTP Basic auth over
| regular sockets (not SSL) for low security needs. For instance, I've
| sometimes sent the same user name and password to multiple reviewers for
| a draft article. Mostly I'm just trying to keep Google's search bot out
| of it, and it doesn't bother me a great deal if someone not in my
| approved list sees it.

I had the same feeling reading this. I use HTTP Basic auth to keep spambots out of a semi-public wiki (I know others do this too), and don't feel bothered by clear-text passwords in this particular case.

Marc

Received on Thursday, 2 November 2006 09:47:09 UTC