[TYPO3-dev] secure?: https:// user:pw at website.tld
Stefan Neufeind
typo3.neufeind at speedpartner.de
Mon May 21 15:05:53 CEST 2012
On 05/21/2012 03:01 PM, Martin Bless wrote:
> [Georg Ringer] wrote:
>
>> Hi,
>>
>> Am 21.05.2012 10:49, schrieb Martin Bless:
>>> Does anybody know: Is it insecure to write https://user:pw@website.tld
>>> in the browser?
>>
>> depends on the context, as usual...
>> if you give this link away you give away the credentials
>
> Yes, sure. I should have been more precise. What I mean is: I someone
> just observes the network traffic: Is the above notation less secure
> than doing a https://website.tld first and entering and sending
> username and password in a second step?
On the wire it's the same. In both cases http-basic-auth is supplied
inside the secured https-connection.
Kind regards,
Stefan
More information about the TYPO3-dev
mailing list