Re: proposal: config option to prevent password storage
On Sun, Sep 22, 2002 at 11:11:00PM -0500, Karl Fogel wrote:
> "Barry Scott" <firstname.lastname@example.org> writes:
> > I would put this more strongly. You must default to a policy
> > of being secure.
> > I do not trust myself or my users to remember to block this
> > security hole reliably.
> With `http basic' authentication, worrying about plaintext passwords
> being stored on the client side has got to be some kind of joke -- the
> things are flying over the net in cleartext too. Therefore I think
> the current default is fine :-).
Note that there exist http daemons with ssl encryption for some
years. Even apache is capable doing that.
Robert Schiele Tel.: +49-621-181-2517
Received on Mon Sep 23 09:06:05 2002
- application/pgp-signature attachment: stored
This is an archived mail posted to the Subversion Dev