Bluefish wrote:
>
> I think the authors of the HTTP RFC assumed stupid
> coders on the client side and intentionally left the safekeeping of
> passwords upon the server software (httpd), which is probably best;
> the other way around is *quite* a bit harder to implement.
>
*ahem* You're completely forgetting about sniffing passwords
off the wire and DNS poisoning. This should be fixed in the
browser, and the correct fix is to nuke all password caching.
If there's a feature that makes life easier for Joe User, he
will use it, with no concern for security simply because he
didn't know there was a concern in the first place.
$.02
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: mikael.olsson@enternet.se
Received on Apr 01 2000