httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Re: FAQ: "I wanna use my system passwords for authentication"
Date Mon, 07 Apr 1997 22:32:47 GMT
On Mon, 7 Apr 1997, Rodent of Unusual Size wrote:

> >From the fingers of Marc Slemko flowed the following:
> >
> >Quite needed
> 
>     Okey, noted.
> 
> >              including a reasonably detailed technical outline of the
> >problems. 
> 
>     Hey, help me out here, eh?  Don't just dump it; at least include
>     some brief bullets so I don't miss anything..

- the passwords fly around in the clear for EVERY authorized request.
- passwords may be stored in the clear in easy to find place on the
   broswer's machine.
- the passwords may be stored/intercepted by proxy servers.
- local CGI owned by other people can be used to grab the passwords

- it voids the Apache warranty and you lose all accumulated Unix guru points.




Mime
View raw message