1995-12-20 - Re: (Fwd) SECURITY ALERT: Password protection bug in Netscape

Header Data

From: Jeff Barber <jeffb@sware.com>
To: karl@cosmos.cosmos.att.com (Karl A. Siil)
Message Hash: 995804b976774fdacc15a9df4d2a9dba45c1a60462f5508da6cd61feef5b46d0
Message ID: <199512201501.KAA28003@jafar.sware.com>
Reply To: <2.2b9.32.19951220115525.0069303c@cosmos.cosmos.att.com>
UTC Datetime: 1995-12-20 14:24:48 UTC
Raw Date: Wed, 20 Dec 95 06:24:48 PST

Raw message

From: Jeff Barber <jeffb@sware.com>
Date: Wed, 20 Dec 95 06:24:48 PST
To: karl@cosmos.cosmos.att.com (Karl A. Siil)
Subject: Re: (Fwd) SECURITY ALERT: Password protection bug in Netscape
In-Reply-To: <2.2b9.32.19951220115525.0069303c@cosmos.cosmos.att.com>
Message-ID: <199512201501.KAA28003@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain


Karl A. Siil writes:

> On a related note, how does Netscape (or HTTP in general) authenticate using
> the password? My best guess, without a sniffer, is (making up error codes as
> I go along, but you get the point):

> Anyway, lots of conjecture (sp?) here. Does anyone know how it really works
> or can point me at a reference? Thanks.

http://www.w3.org/hypertext/WWW/Protocols/HTTP1.0/draft-ietf-http-spec.html#AA


-- Jeff




Thread