Bugtraq: RE: MS to stop allowing passwords in URLs

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: MS to stop allowing passwords in URLs

From: Francis Favorini <francis.favorini () duke edu>
Date: Tue, 3 Feb 2004 13:24:09 -0500

Vinny Abello [mailto:vinny () tellurian com] wrote...

Interestingly, I've already found that this patch doesn't fix
this problem when using IE as an object in VB6.

From the KB article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
"After you install the 832894 security update, you can set registry values
to use this new behavior in other programs that host the Web browser control
or to disable this new behavior for Windows Explorer and Internet Explorer."

The specifics of the registry values are also documented therein.

-FF

By Date By Thread

Current thread:

Re: MS to stop allowing passwords in URLs, (continued)
- Re: MS to stop allowing passwords in URLs Dave McCormick (Feb 03)
- Re: MS to stop allowing passwords in URLs Nick FitzGerald (Feb 03)
- Re: MS to stop allowing passwords in URLs Sam Schinke (Feb 03)
- Message not available
  - Re: MS to stop allowing passwords in URLs Paul Smith (Feb 03)
- RE: MS to stop allowing passwords in URLs Richard M. Smith (Feb 03)
- RE: MS to stop allowing passwords in URLs Francis Favorini (Feb 03)
- RE: MS to stop allowing passwords in URLs Thor Larholm (Feb 03)
  - Re: MS to stop allowing passwords in URLs Sam Schinke (Feb 05)
- RE: MS to stop allowing passwords in URLs NESTING, DAVID M (SBCSI) (Feb 05)