httpd-dev mailing list archives

From Cliff Woolley <jwool...@apache.org>
Subject Re: Share data between servers
Date Mon, 12 Aug 2002 15:25:36 GMT
On Mon, 12 Aug 2002, Sébastien Bonnegent wrote:

> A client connects to "www.example1.com" and provides authentication.
> Later, the same client connects to "www.example2.com" without giving
> authentication again.

How is that not a security problem?

Let's say we then have www.example3.attacker.com who provides the same
Realm to the proxy.  The proxy hands over the user's password to the
attacker without the client even knowing anything happened.

--Cliff
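
Added example, not part of the original message and not httpd code: a credential cache keyed by realm name alone, as the proposal implies, beside one keyed by the requesting server plus realm (the protection space as RFC 2617 defines it). The class names, the realm "Intranet" and the credentials are constructed for illustration; the host names are the ones used in the thread.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Canonical (scheme, host, port) of the server a URL points at."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))

class RealmOnlyCache:
    """Proposed behaviour: any server naming the realm gets the credentials."""
    def __init__(self):
        self._store = {}
    def remember(self, url, realm, credentials):
        self._store[realm] = credentials          # server identity is discarded
    def lookup(self, url, realm):
        return self._store.get(realm)

class OriginScopedCache:
    """Credentials stay bound to the server that originally challenged for them."""
    def __init__(self):
        self._store = {}
    def remember(self, url, realm, credentials):
        self._store[(origin(url), realm)] = credentials
    def lookup(self, url, realm):
        return self._store.get((origin(url), realm))

def replay(cache):
    """Constructed scenario: authenticate to example1, then receive three challenges."""
    cache.remember("http://www.example1.com/", "Intranet", ("alice", "s3cret"))
    challenges = [
        "http://www.example1.com/reports",    # same server, same realm
        "http://www.example2.com/",           # different server, same realm string
        "http://www.example3.attacker.com/",  # realm string supplied by a third party
    ]
    # True means the cache would answer the challenge with the stored password.
    return {url: cache.lookup(url, "Intranet") is not None for url in challenges}

if __name__ == "__main__":
    for cache in (RealmOnlyCache(), OriginScopedCache()):
        print(type(cache).__name__, replay(cache))
```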

