[TYPO3-dev] secure?: https:// user:pw at website.tld
Peter Russ
peter.russ at 4many.net
Tue May 22 23:22:33 CEST 2012
--- Original Nachricht ---
Absender: Martin Bless
Datum: 21.05.2012 10:49:
>
> Asking here since we don't have a security related mailing list for
> obvious reasons :-)
>
> Does anybody know: Is it insecure to write https://user:pw@website.tld
> in the browser?
>
> Comments and pointers welcome.
>
1. It might be logged
2. Who is the man-in-the-middle?
3. Providing password in cleartext even on https is obsolete
4. Why do you want to do that?
5. Clear text password is a risk in general, i.e the password is in
clear text in DB: you have other problem-> don't worry about https ;-)
Peter
--
Fiat lux! Docendo discimus.
_____________________________
uon GbR
http://www.uon.li
http://www.xing.com/profile/Peter_Russ
More information about the TYPO3-dev
mailing list