Bugtraq: RE: MS to stop allowing passwords in URLs

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: MS to stop allowing passwords in URLs

From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 3 Feb 2004 07:54:22 -0800

   >>> Anyone have any comments regarding legitimate 
   >>> uses of this syntax and Microsoft removing it 
   >>> from their browser? (and presumably the OS since
   >>> the browser IS the OS).

It always was a bad idea to put plaintext passwords in URLs because it
encouraged users to give away passwords in links on public Web pages.  The
spoofing games were the second big problem with them that showed up later.
Glad to see Microsoft getting rid of the feature.

Richard

By Date By Thread

Current thread:

Re: MS to stop allowing passwords in URLs, (continued)
- Re: MS to stop allowing passwords in URLs 3APA3A (Feb 03)
- Re: MS to stop allowing passwords in URLs Dave McCormick (Feb 03)
- Re: MS to stop allowing passwords in URLs Nick FitzGerald (Feb 03)
- Re: MS to stop allowing passwords in URLs Sam Schinke (Feb 03)
- Message not available
  - Re: MS to stop allowing passwords in URLs Paul Smith (Feb 03)
- RE: MS to stop allowing passwords in URLs Richard M. Smith (Feb 03)
- RE: MS to stop allowing passwords in URLs Francis Favorini (Feb 03)
- RE: MS to stop allowing passwords in URLs Thor Larholm (Feb 03)
  - Re: MS to stop allowing passwords in URLs Sam Schinke (Feb 05)
- RE: MS to stop allowing passwords in URLs NESTING, DAVID M (SBCSI) (Feb 05)