Re: Insecure WWW Access Authorization Protocol?

Tony Sanders <sanders@BSDI.COM>

Mail folder: WWW Talk Jan 94-present
Next message: michael shiplett: "Re: Insecure WWW Access Authorization Protocol? "
Previous message: Rob Earhart: "Re: Insecure WWW Access Authorization Protocol?"
Maybe in reply to: michael shiplett: "Re: Insecure WWW Access Authorization Protocol? "
Reply: michael shiplett: "Re: Insecure WWW Access Authorization Protocol? "

Errors-To: listmaster@www0.cern.ch
Date: Tue, 8 Mar 1994 23:10:50 --100
Message-id: <199403082207.QAA28832@austin.BSDI.COM>
Errors-To: listmaster@www0.cern.ch
Reply-To: sanders@BSDI.COM
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: Tony Sanders <sanders@BSDI.COM>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: Insecure WWW Access Authorization Protocol? 
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 357

michael shiplett writes:
> "ts" == Tony Sanders <sanders@BSDI.COM> writes:
>   The URL is as trustworth as the source of the URL--whether the
> source is in or out of band.
If you cannot trust the server reply to get the realm information from
then why do you think you can trust the URL?  You have exactly the
same problems as when you started.

--sanders