Re: Insecure WWW Access Authorization Protocol?

Tony Sanders <sanders@BSDI.COM>
Errors-To: listmaster@www0.cern.ch
Date: Tue, 8 Mar 1994 23:10:50 --100
Message-id: <199403082207.QAA28832@austin.BSDI.COM>
Errors-To: listmaster@www0.cern.ch
Reply-To: sanders@BSDI.COM
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: Tony Sanders <sanders@BSDI.COM>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: Insecure WWW Access Authorization Protocol? 
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 357
michael shiplett writes:
> "ts" == Tony Sanders <sanders@BSDI.COM> writes:
>   The URL is as trustworth as the source of the URL--whether the
> source is in or out of band.
If you cannot trust the server reply to get the realm information from
then why do you think you can trust the URL?  You have exactly the
same problems as when you started.

--sanders