Elliotte Harold: | > 1) Passwords MUST NOT be transmitted in clear test. | | This restriction strikes me as a little strong, though perhaps | advisable. I have in the past frequently used HTTP Basic auth over | regular sockets (not SSL) for low security needs. For instance, I've | sometimes sent the same user name and password to multiple | reviewers for | a draft article. Mostly I'm just trying to keep Google's | search bot out | of it, and it doesn't bother me a great deal if someone not in my | approved list sees it. I had the same feeling reading this. I use HTTP Basic auth to keep spambots out of a semi-public wiki (I know others do this too), and don't feel bothered by clear-text passwords in this particular case. MarcReceived on Thursday, 2 November 2006 09:47:09 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:56:04 GMT