passwords to CGI
Erik Max Francis
max at alcyone.com
Tue Jan 14 21:11:02 EST 2003
Paul Rubin wrote:
> It's ok for some applications but not others. That's a matter for the
> application developer to decide. Think of how many unencrypted voice
> phone calls made every day. Those are also vulnerable to (legal or
> illegal) wiretapping, but most people think phones are secure enough
> for most conversations.
True, but many of those conversations don't involve private information.
Some do. We're specifically talking about a "conversation" that
involves private information, i.e. passwords.
> If you're using SSL, then it encrypts any HTTP Basic auth passwords
> just like it encrypts the other http traffic.
Well, sure. That's why I recommended using SSL.
--
Erik Max Francis / max at alcyone.com / http://www.alcyone.com/max/
__ San Jose, CA, USA / 37 20 N 121 53 W / &tSftDotIotE
/ \ Virtue has never been as respectable as money.
\__/ Mark Twain
REALpolitik / http://www.realpolitik.com/
Get your own customized newsfeed online in realtime ... for free!
More information about the Python-list
mailing list