[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Re: Cookies at XML Europe 2004 -- Call for Participation

• To: "'xml-dev@l...'" <xml-dev@l...>
• Subject: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
• From: Ralph Hilken <ralph.hilken@a...>
• Date: Tue, 6 Jan 2004 13:51:04 -0500

On Tuesday, January 06, 2004 10:47 AM EDT, Elliotte Rusty Harold
wrote:

> Why not? Also a good question. I think it's mostly a matter of 
> history and unfamiliarity with the design and technology of the Web, 
> as well as inertia.

Hello Harold:

In addition to HTTP authentication not being deployed due to lack of
popularity or experience with it, there are the recent "phishing"
exploits publicized, with warnings published by E-Week:
 http://www.eweek.com/article2/0,4149,1409700,00.asp
 http://www.eweek.com/article2/0,4149,1399670,00.asp

and Microsoft:
 http://support.microsoft.com/?id=833786

This will not promote usage of a technology when you are warned about 
its use (quoted from the above Microsoft Knowledge Base Article):
"The following list shows some of the characters that may appear in a 
URL that could lead to a spoofed Web site: 
%00
%01
@"

Made me have second thoughts about deploying HTTP authentication.  Shame 
we have to deal with this.

Regards,
Ralph

• Follow-Ups:
  • RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
    • From: Elliotte Rusty Harold <elharo@m...>

• Prev by Date: Re: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• Next by Date: Re: Another mutated variant of the 'PowerPoint makes yo udumb'story
• Previous by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• Next by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• Index(es):
  • Date
  • Thread