Re: [Very OT] IIS Basic Authentication can be used for phishing
On Wed, 10 Nov 2004 07:13:56 +0000, Upayavira <uv@upaya.co.uk> wrote:
> >Just learned IIS Basic authentication
> How is this different from Apache's basic authentication
It isn't - Basic Authentication is part of the HTTP standard.
To quote: "The basic authentication scheme is a non-secure method of
filtering unauthorized access to resources on an HTTP server. It is
based on the assumption that the connection between the client and the
server can be regarded as a trusted carrier. As this is not generally
true on an open network, the basic authentication scheme should be
used accordingly"
- http://www.w3.org/Protocols/HTTP/1.0/draft-ietf-http-spec.html#BasicAA
--
David Dorward <http://dorward.me.uk><http://blog.dorward.me.uk>
Reply to: