- From: Elliotte Harold <elharo@metalab.unc.edu>
- Date: Wed, 01 Nov 2006 09:50:15 -0500
- To: Vincent.Quint@inrialpes.fr
- CC: www-tag@w3.org
Vincent Quint wrote:

> The purpose of this finding is to clarify the security concerns around
> using passwords on the world wide web. Specifically, the objective is
> to point out a few conclusions the TAG has come to;
> 1) Passwords MUST NOT be transmitted in clear text.

This restriction strikes me as a little strong, though perhaps advisable. I have in the past frequently used HTTP Basic auth over regular sockets (not SSL) for low security needs. For instance, I've sometimes sent the same user name and password to multiple reviewers for a draft article. Mostly I'm just trying to keep Google's search bot out of it, and it doesn't bother me a great deal if someone not in my approved list sees it.

--
Elliotte Rusty Harold elharo@metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/

Received on Wednesday, 1 November 2006 14:50:32 UTC