[Moin-user] HTTP AUTHENTICATION security

Nigel Metheringham nigel.metheringham at dev.intechnology.co.uk
Thu Feb 16 01:04:03 EST 2006


On Wed, 2006-02-15 at 17:48 +0000, Robert Schumann wrote:
> Trouble is, I'm not using SSL.  As far as I can see this means that 
> passwords will be transmitted in cleartext from the browser to the 
> server, which is a terrible security hole.  Am I correct in this?  And 
> is there nothing to be done about this except use SSL?

Yes, and Yes.

	Nigel.
-- 
[ Nigel Metheringham           Nigel.Metheringham at InTechnology.co.uk ]
[ - Comments in this message are my own and not ITO opinion/policy - ]






More information about the Moin-user mailing list