Re: [Very OT] IIS Basic Authentication can be used for phishing

To: Debian Users List <debian-user@lists.debian.org>
Subject: Re: [Very OT] IIS Basic Authentication can be used for phishing
From: David Dorward <dorward@gmail.com>
Date: Wed, 10 Nov 2004 12:19:59 +0000
Message-id: <[🔎] 1b5927404111004194b49a1f@mail.gmail.com>
Reply-to: David Dorward <dorward@gmail.com>
In-reply-to: <[🔎] 4191BFB4.2020601@upaya.co.uk>
References: <[🔎] 20041110064836.GA15866@alltel.net> <[🔎] 4191BFB4.2020601@upaya.co.uk>

On Wed, 10 Nov 2004 07:13:56 +0000, Upayavira <uv@upaya.co.uk> wrote:
> >Just learned IIS Basic authentication
> How is this different from Apache's basic authentication

It isn't - Basic Authentication is part of the HTTP standard. 

To quote: "The basic authentication scheme is a non-secure method of
filtering unauthorized access to resources on an HTTP server. It is
based on the assumption that the connection between the client and the
server can be regarded as a trusted carrier. As this is not generally
true on an open network, the basic authentication scheme should be
used accordingly"
  - http://www.w3.org/Protocols/HTTP/1.0/draft-ietf-http-spec.html#BasicAA

-- 
David Dorward <http://dorward.me.uk><http://blog.dorward.me.uk>

Reply to:

Follow-Ups:
- Re: [Very OT] IIS Basic Authentication can be used for phishing
  - From: Robert Vangel <vangelr@rfgt.net>

References:
- [Very OT] IIS Basic Authentication can be used for phishing
  - From: William Ballard <nospam_40811@alltel.net>
- Re: [Very OT] IIS Basic Authentication can be used for phishing
  - From: Upayavira <uv@upaya.co.uk>

Prev by Date: Re: dpkg-divert error
Next by Date: Re: debian-user-digest Digest V2004 #1571
Previous by thread: Re: [Very OT] IIS Basic Authentication can be used for phishing
Next by thread: Re: [Very OT] IIS Basic Authentication can be used for phishing
Index(es):
- Date
- Thread